
yahoo-eng-team team mailing list archive

[Bug 1493955] Re: CIDR that ends in /0 makes rule act as if it is a 0.0.0.0/0

 

This is how CIDRs work; there is no way to know what they meant to do.
How would we know they didn't mean to put in 192.168.0.0/25?

** Changed in: neutron
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1493955

Title:
  CIDR that ends in /0 makes rule act as if it is a 0.0.0.0/0

Status in neutron:
  Won't Fix

Bug description:
  A security rule can be added that ends with a /0 that makes the rule
  act as if it is a 0.0.0.0/0 type of rule.

  Example:

  (neutron) security-group-rule-list
  +--------------------------------------+----------------+-----------+-----------+---------------+-----------------------+
  | id                                   | security_group | direction | ethertype | protocol/port | remote                |
  +--------------------------------------+----------------+-----------+-----------+---------------+-----------------------+
  | BLAHBLAHID                           | TEST           | ingress   | IPv4      | 3128/tcp      | 192.168.10.0/0 (CIDR) |

  The example below is to allow TCP ingress for port 3128 only from
  192.168.10.0/24 networks.  Instead during the addition of the rule, a
  mistake happened and instead of a /24 network, it was entered in as a
  /0.

  The rule now allows 0.0.0.0/0 networks access to TCP port 3128 instead
  of the intended CIDR.

  This can create a security issue as non-network people could
  inadvertently open up access to areas they did not want to allow.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1493955/+subscriptions
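
The behaviour described in the bug report, shown as an added example that is not part of the original thread and is not neutron's own code: a pre-submission check that compares a rule's remote CIDR as typed with the network its mask actually matches. The function names, finding labels and sample rule IDs are hypothetical, and the sample rules are constructed.

```python
import ipaddress

def audit_remote_cidr(cidr):
    """Return (effective_network, findings) for a remote CIDR as typed."""
    iface = ipaddress.ip_interface(cidr)   # keeps the address exactly as entered
    net = iface.network                    # the network the prefix length really matches
    typed_is_canonical = iface.ip == net.network_address
    findings = []
    if not typed_is_canonical:
        # Bits outside the mask are silently ignored when the rule is applied.
        findings.append("host-bits-set")
    if net.prefixlen == 0:
        # A /0 prefix matches every source address, whatever was typed before it.
        findings.append("matches-any-source")
        if not typed_is_canonical:
            # Someone typed a specific address but a /0 mask: probably a mistake.
            findings.append("likely-typo")
    return str(net), findings

def audit_rules(rules):
    """Audit a {rule_id: remote_cidr} mapping; keep only rules with findings."""
    report = {}
    for rule_id, cidr in rules.items():
        effective, findings = audit_remote_cidr(cidr)
        if findings:
            report[rule_id] = {"typed": cidr, "effective": effective,
                               "findings": findings}
    return report

# Constructed sample rules (IDs are placeholders, CIDRs echo the bug report).
SAMPLE_RULES = {
    "rule-typo": "192.168.10.0/0",      # the mistake from the report
    "rule-intended": "192.168.10.0/24", # what the reporter meant
    "rule-open": "0.0.0.0/0",           # deliberately open rule
    "rule-half": "192.168.0.0/25",      # the /25 from the reply
    "rule-v6-typo": "2001:db8::1/0",    # same mistake with IPv6
}

if __name__ == "__main__":
    for rule_id, entry in audit_rules(SAMPLE_RULES).items():
        print(rule_id, entry)
```

A deliberately open 0.0.0.0/0 rule is reported as matching any source but not as a likely typo, so a reviewer can still tell intent from accident.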

