yahoo-eng-team team mailing list archive
Message #55001
[Bug 1611991] Re: [ovs firewall] Port 23 is open on booted vms with only ping/ssh on 22 allowed.
What change introduced this bug? Is it present in stable branches too,
or just master?
** Also affects: ossa
Importance: Undecided
Status: New
** Information type changed from Public to Public Security
** Changed in: ossa
Status: New => Incomplete
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1611991
Title:
[ovs firewall] Port 23 is open on booted vms with only ping/ssh on 22
allowed.
Status in neutron:
In Progress
Status in OpenStack Security Advisory:
Incomplete
Bug description:
Seen on master devstack, ubuntu xenial.
Steps to reproduce:
1. Enable ovs firewall in /etc/neutron/plugins/ml2/ml2.conf
   [securitygroup]
   firewall_driver = openvswitch
2. Create a security group with icmp, tcp to 22.
3. Boot a VM, assign a floating ip.
4. Check that port 23 can be accessed via tcp (telnet, nc, etc).
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1611991/+subscriptions
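
A regression check for the behaviour reported above, added here as an example (it is not part of the original message or of neutron's code): it probes TCP ports outside the security group's allowlist on an instance you operate and reports any that are not filtered. The `ALLOWED_TCP` set, the function names and the assumption that the firewall silently drops disallowed traffic are this example's own.

```python
import errno
import socket
import sys

# Constructed policy mirroring the report: the security group allows only TCP 22.
ALLOWED_TCP = {22}
# Errors that mean "no path to the port" rather than an answer from a host.
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed
    except ConnectionRefusedError:
        # Assumption: the firewall drops rather than rejects, so an RST
        # means the SYN got past it and a host stack answered.
        return "closed"
    except socket.timeout:
        return "filtered"      # no reply at all
    except OSError as exc:
        if exc.errno in UNREACHABLE:
            return "filtered"
        raise
    finally:
        sock.close()


def violations(host, allowed_tcp, ports, timeout=2.0):
    """Map each port outside the allowlist that is not filtered to its state."""
    found = {}
    for port in ports:
        if port in allowed_tcp:
            continue           # permitted by the security group, not a finding
        state = probe(host, port, timeout)
        if state != "filtered":
            found[port] = state
    return found


if __name__ == "__main__":
    # Usage: python sg_check.py <floating-ip> [port ...]; defaults to port 23.
    ports = [int(p) for p in sys.argv[2:]] or [23]
    bad = violations(sys.argv[1], ALLOWED_TCP, ports)
    for port, state in sorted(bad.items()):
        print(f"tcp/{port} is {state} but not allowed by the security group")
    sys.exit(1 if bad else 0)
```

A "closed" result on a disallowed port is still a finding here, because the refusal shows the packet reached the guest instead of being dropped by the security group.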