yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1717121] Re: Security group Inbound rule allows ip addresses with /0 option.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: "Gary W. Smith" <gary.smith@xxxxxxxx>
Date: Mon, 25 Sep 2017 16:02:45 -0000
Reply-to: Bug 1717121 <1717121@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

If this is not a valid network configuration, then you should create a
bug  I don't  in neutron to prevent it, which would then apply to the
UI, the CLI, and any other API client.

** Changed in: horizon
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1717121

Title:
  Security group Inbound rule allows ip addresses with /0 option.

Status in OpenStack Dashboard (Horizon):
  Opinion

Bug description:
  Under security groups, when we try to add a new inbound rule using
  CIDR it doesn`t validate the input.

  example.

  0.0.0.0/0 is a rule that will open inbound access to internet. but at
  the same time if there is a valid ip e.g. 172.155.0.0/0 then "0" bit
  match should not be allowed.

  
  This UI validation is the part of AWS. so even if someone by mistake types the /0 with valid ip address it will make the rule to open the inbound to entire internet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1717121/+subscriptions

References

[Bug 1717121] [NEW] Security group Inbound rule allows ip addresses with /0 option.
From: Nilesh, 2017-09-13