I can reproduce this, for example:
$ openstack security group rule create --ingress --protocol 70 --dst-port 70:71 default
Although the security DB code does check the range, it only does it for protocols it knows support it like TCP. There should be a check to reject a range if it's not a known good protocol.
I'm working on a change now.
I can reproduce this, for example:
$ openstack security group rule create --ingress --protocol 70 --dst-port 70:71 default
Although the security DB code does check the range, it only does it for protocols it knows support it like TCP. There should be a check to reject a range if it's not a known good protocol.
I'm working on a change now.