neutron

Intersecting port ranges in security-group-rules

Bug #1662571 reported by Inessa Vasilevskaya
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
In Progress
Wishlist
Unassigned

Bug Description

Seen on: newton devstack

Currently it is possible to create security-group-rules with intersecting port ranges (like [769, 781] and [770, 777] http://paste.openstack.org/show/597980/). This works for any type of firewall_driver, both iptables and ovsfw.

I believe this can be optimized a bit.

Tags: sg-fw
Armando Migliaccio (armando-migliaccio)
Changed in neutron:
importance: Undecided → Wishlist
tags: added: sg-fw
Reedip (reedip-banerjee-deactivatedaccount)
Changed in neutron:
assignee: nobody → Reedip (reedip-banerjee)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/456591

Changed in neutron:
status: New → In Progress
Revision history for this message
Kevin Benton (kevinbenton) wrote :

To be clear, we don't want to prevent this at the API level because it's convenient for the user. This bug can be used to optimize inside the firewall implementations though.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/456591
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message
Reedip (reedip-banerjee-deactivatedaccount) wrote :

Since I am not active anymore, I would like to remove myself from the assignee. Its open for anyone else to take up.

Changed in neutron:
assignee: Reedip (reedip-banerjee) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.