yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1745642] [NEW] SG hybrid iptables driver and FWaaS OVS driver create overlapping conntrack zones

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1745642@xxxxxxxxxxxxxxxxxx>
Date: Fri, 26 Jan 2018 17:17:30 -0000
Reply-to: Bug 1745642 <1745642@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

SG with hybrid-iptables driver uses per port conntrack zones. FWaaS port
security uses per network conntrack zones based on local vlans assigned
by ovs l2 agent. In case both SG iptables-hybrid driver and FWaaS port
security is enabled, there is a posibility of iptables-hybrid and OVS
based FWaaS driver allocating overlapping zone and creating security
holes.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
SG hybrid iptables driver and FWaaS OVS driver create overlapping conntrack zones 
https://bugs.launchpad.net/bugs/1745642
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.

References

[Bug 1745642] [NEW] SG hybrid iptables driver and FWaaS OVS driver create overlapping conntrack zones
From: chandan dutta chowdhury, 2018-01-26