2016-08-10 23:28:46 |
Inessa Vasilevskaya |
bug |
|
|
added bug |
2016-08-10 23:40:29 |
Assaf Muller |
bug |
|
|
added subscriber Jakub Libosvar |
2016-08-10 23:40:52 |
Inessa Vasilevskaya |
description |
Seen on master devstack, ubuntu xenial.
Steps to reproduce:
1. Enable ovs firewall in /etc/neutron/plugins/ml2/ml2.conf
[securitygroup]
firewall_driver = openvswitch
2. Create a security group with icmp, tcp to 22.
3. Boot a VM, assign a floating ip.
4. Check that port 23 can be accessed. |
Seen on master devstack, ubuntu xenial.
Steps to reproduce:
1. Enable ovs firewall in /etc/neutron/plugins/ml2/ml2.conf
[securitygroup]
firewall_driver = openvswitch
2. Create a security group with icmp, tcp to 22.
3. Boot a VM, assign a floating ip.
4. Check that port 23 can be accessed via tcp (telnet, nc, etc). |
|
2016-08-10 23:41:38 |
Inessa Vasilevskaya |
neutron: assignee |
|
Inessa Vasilevskaya (ivasilevskaya) |
|
2016-08-11 08:05:22 |
Jakub Libosvar |
neutron: status |
New |
Confirmed |
|
2016-08-11 08:46:43 |
Jakub Libosvar |
neutron: importance |
Undecided |
High |
|
2016-08-11 23:33:23 |
OpenStack Infra |
neutron: status |
Confirmed |
In Progress |
|
2016-08-11 23:57:37 |
Jeremy Stanley |
bug task added |
|
ossa |
|
2016-08-11 23:57:54 |
Jeremy Stanley |
information type |
Public |
Public Security |
|
2016-08-11 23:58:16 |
Jeremy Stanley |
ossa: status |
New |
Incomplete |
|
2016-08-18 07:43:42 |
OpenStack Infra |
neutron: assignee |
Inessa Vasilevskaya (ivasilevskaya) |
IWAMOTO Toshihiro (iwamoto) |
|
2016-08-19 01:35:22 |
OpenStack Infra |
neutron: assignee |
IWAMOTO Toshihiro (iwamoto) |
Inessa Vasilevskaya (ivasilevskaya) |
|
2016-08-19 03:26:46 |
Armando Migliaccio |
tags |
|
mitaka-backport-potential |
|
2016-08-19 12:20:47 |
OpenStack Infra |
neutron: assignee |
Inessa Vasilevskaya (ivasilevskaya) |
Jakub Libosvar (libosvar) |
|
2016-08-21 01:06:36 |
OpenStack Infra |
neutron: assignee |
Jakub Libosvar (libosvar) |
Inessa Vasilevskaya (ivasilevskaya) |
|
2016-08-29 04:04:18 |
Tristan Cacqueray |
ossa: status |
Incomplete |
Won't Fix |
|
2016-09-05 16:04:06 |
Inessa Vasilevskaya |
summary |
[ovs firewall] Port 23 is open on booted vms with only ping/ssh on 22 allowed. |
[ovs firewall] Port masking adds wrong masks in several cases. |
|
2016-09-15 17:36:06 |
Armando Migliaccio |
neutron: milestone |
|
newton-rc1 |
|
2016-09-16 01:03:59 |
Armando Migliaccio |
tags |
mitaka-backport-potential |
mitaka-backport-potential newton-rc-potential |
|
2016-09-16 01:04:10 |
Armando Migliaccio |
neutron: milestone |
newton-rc1 |
ocata-1 |
|
2016-09-16 18:12:56 |
Armando Migliaccio |
neutron: milestone |
ocata-1 |
newton-rc2 |
|
2016-09-20 17:05:21 |
Armando Migliaccio |
tags |
mitaka-backport-potential newton-rc-potential |
mitaka-backport-potential |
|
2016-09-20 17:05:25 |
Armando Migliaccio |
neutron: milestone |
newton-rc2 |
ocata-1 |
|
2016-09-22 22:39:39 |
Armando Migliaccio |
tags |
mitaka-backport-potential |
mitaka-backport-potential newton-rc-potential |
|
2016-09-22 22:59:42 |
Armando Migliaccio |
neutron: milestone |
ocata-1 |
newton-rc2 |
|
2016-09-24 17:34:20 |
OpenStack Infra |
neutron: status |
In Progress |
Fix Released |
|
2016-09-26 19:56:35 |
Ihar Hrachyshka |
tags |
mitaka-backport-potential newton-rc-potential |
mitaka-backport-potential newton-rc-potential ovs-fw |
|
2016-09-26 23:12:15 |
OpenStack Infra |
tags |
mitaka-backport-potential newton-rc-potential ovs-fw |
in-stable-newton mitaka-backport-potential newton-rc-potential ovs-fw |
|
2016-10-04 07:10:02 |
Bence Romsics |
bug |
|
|
added subscriber Bence Romsics |
2016-10-07 15:56:21 |
Ihar Hrachyshka |
tags |
in-stable-newton mitaka-backport-potential newton-rc-potential ovs-fw |
in-stable-newton mitaka-backport-potential ovs-fw |
|
2016-11-29 01:40:13 |
OpenStack Infra |
tags |
in-stable-newton mitaka-backport-potential ovs-fw |
in-stable-mitaka in-stable-newton mitaka-backport-potential ovs-fw |
|
2017-01-17 21:50:16 |
Ihar Hrachyshka |
tags |
in-stable-mitaka in-stable-newton mitaka-backport-potential ovs-fw |
in-stable-mitaka in-stable-newton mitaka-backport-potential neutron-proactive-backport-potential ovs-fw |
|
2017-01-18 14:26:53 |
Ihar Hrachyshka |
tags |
in-stable-mitaka in-stable-newton mitaka-backport-potential neutron-proactive-backport-potential ovs-fw |
in-stable-mitaka in-stable-newton mitaka-backport-potential ovs-fw |
|
2017-01-18 14:27:09 |
Ihar Hrachyshka |
tags |
in-stable-mitaka in-stable-newton mitaka-backport-potential ovs-fw |
in-stable-mitaka in-stable-newton ovs-fw |
|
2017-01-18 16:07:11 |
Jeremy Stanley |
information type |
Public Security |
Public |
|