← Back to team overview

registry team mailing list archive

[Bug 659135] [NEW] Security Group ingress filtering doesn't work if traffic is routed

 

Public bug reported:

Security Group ingress filtering doesn't for routed traffic. I.e. if the
VM's are connected to a bridge, traffic coming into the host on an
interface that isn't on the same bridge, the incoming traffic escapes
filtering. This is due to a shortcoming in libvirt's nwfilter code which
didn't get updated in response to a change in the linux kernel that
removed support for --physdev-out filtering for non-bridged traffic.

https://bugzilla.redhat.com/show_bug.cgi?id=642171

** Affects: nova
     Importance: Undecided
         Status: New

** Bug watch added: Red Hat Bugzilla #642171
   https://bugzilla.redhat.com/show_bug.cgi?id=642171

-- 
Security Group ingress filtering doesn't work if traffic is routed
https://bugs.launchpad.net/bugs/659135
You received this bug notification because you are a member of Registry
Administrators, which is subscribed to OpenStack.



Follow ups

References