neutron

  1. Bug #1461054
  2. Comment #60

Comment 60 for bug 1461054

Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote : Re: Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)

FWIW, I couldn't reproduced it on Juno devstack with:

disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service q-fwaas
Q_SERVICE_PLUGIN_CLASSES=neutron.services.firewall.fwaas_plugin.FirewallPlugin
Q_USE_SECGROUP=True

The ipset command do fails but it does not prevent new instances to boot nor impact previous instance connectivity.