
yahoo-eng-team team mailing list archive

[Bug 1745642] [NEW] SG hybrid iptables driver and FWaaS OVS driver create overlapping conntrack zones

 

Public bug reported:

SG with hybrid-iptables driver uses per port conntrack zones. FWaaS port
security uses per network conntrack zones based on local vlans assigned
by ovs l2 agent. In case both SG iptables-hybrid driver and FWaaS port
security are enabled, there is a possibility of iptables-hybrid and OVS
based FWaaS driver allocating overlapping zones and creating security
holes.

** Affects: neutron
     Importance: Undecided
     Assignee: chandan dutta chowdhury (chandanc)
         Status: New

** Project changed: cinder => neutron

** Changed in: neutron
     Assignee: (unassigned) => chandan dutta chowdhury (chandanc)

https://bugs.launchpad.net/bugs/1745642
