yahoo-eng-team team mailing list archive

[Bug 1463589] [NEW] rules referencing security group members expose VMs in overlapping IP scenarios

 

Public bug reported:

create SG1 and SG2 that only allow traffic to members of their own group
create two networks with same 10.0.0.0/24 CIDR
create port1 in SG1 on net1 with IP 10.0.0.1
create port2 in SG1 on net2 with IP 10.0.0.2
create port3 in SG2 on net1 with IP 10.0.0.2

port1 can communicate with port3 because of the allow rule for port2's
IP

This violates the constraints of the configured security groups.

** Affects: neutron
     Importance: Undecided
     Assignee: Kevin Benton (kevinbenton)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Kevin Benton (kevinbenton)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1463589

Title:
  rules referencing security group members expose VMs in overlapping IP
  scenarios

Status in OpenStack Neutron (virtual network service):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1463589/+subscriptions
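A small model of the failure the report describes, as an added example that is not Neutron's code and not the fix that was later applied to the project: a security-group rule whose remote is a group gets expanded into the IP addresses of that group's members, so port2's 10.0.0.2 becomes an allowed destination for port1, and on net1 that address belongs to port3. The three ports and two groups are constructed from the report; the names allowed_naive and allowed_scoped, the reading of "only allow traffic to members" as an egress restriction, and the (network, IP) keying used to illustrate one way of closing the gap are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    network: str
    ip: str
    sg: str  # one group per port is enough for this scenario (assumption)


# Constructed topology from the bug report: two networks sharing 10.0.0.0/24,
# so 10.0.0.2 exists once on net1 (port3) and once on net2 (port2).
PORTS = [
    Port("port1", "net1", "10.0.0.1", "SG1"),
    Port("port2", "net2", "10.0.0.2", "SG1"),
    Port("port3", "net1", "10.0.0.2", "SG2"),
]

# Each group's only rule: allow traffic to members of the same group
# (remote_group == the group itself). Modelled as an egress rule (assumption).
GROUP_RULES = {"SG1": "SG1", "SG2": "SG2"}


def members(sg: str):
    return [p for p in PORTS if p.sg == sg]


def allowed_naive(src: Port, dst: Port) -> bool:
    """Remote-group rule expanded to bare member IPs: the behaviour the bug describes.

    The expansion forgets which network each member address lives on, so any
    port carrying a member's IP matches, even on a different network.
    """
    remote_ips = {p.ip for p in members(GROUP_RULES[src.sg]) if p is not src}
    return dst.ip in remote_ips


def allowed_scoped(src: Port, dst: Port) -> bool:
    """Same expansion, but keyed on (network, ip) so an address only matches
    on the network it was learned from (one illustrative remedy, not the project's fix)."""
    remote = {(p.network, p.ip) for p in members(GROUP_RULES[src.sg]) if p is not src}
    return (dst.network, dst.ip) in remote


def reachable(check) -> list:
    """Source->destination pairs that share an L2 network and that `check` admits."""
    return sorted(
        f"{src.name}->{dst.name}"
        for src in PORTS
        for dst in PORTS
        if src is not dst and src.network == dst.network and check(src, dst)
    )


if __name__ == "__main__":
    # Naive expansion lets port1 (SG1) reach port3 (SG2) via port2's address.
    print("naive :", reachable(allowed_naive))
    # Scoping the expansion to the member's own network closes that path.
    print("scoped:", reachable(allowed_scoped))
```

Running it shows port1->port3 admitted under the naive expansion and nothing admitted once the (network, IP) scope is applied; port3->port1 is denied in both cases because SG2 has no other members.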