Comment 5 for bug 1300785

Aaron Rosen (arosen) wrote : Re: neutron allows security group rules with invalid cidrs, resulting in broken iptables rules (breaking iptables-restore)

I agree this is a security concern. It prevents security group rules from being applied on a host after one installs that rule. I just reproduced this issue and tested this patch: https://review.openstack.org/#/c/59212/16, which fixes the issue. I think we should focus on getting that merged ASAP. I'm wondering if there should also be a security CVE released, though, so people are aware of the issue downstream.