[openstack-dev] [Neutron]One security issue about floating ip

Vishvananda Ishaya vishvananda at gmail.com
Thu Jun 26 19:36:27 UTC 2014

I believe this will affect nova-network as well. We probably should use something like the linux cutter utility to kill any ongoing connections after we remove the nat rule.


On Jun 25, 2014, at 8:18 PM, Xurong Yang <idopra at gmail.com> wrote:

> Hi folks,
> After we create an SSH connection to a VM via its floating ip, even though we have removed the floating ip association, we can still access the VM via that connection. Namely, SSH is not disconnected when the floating ip is not valid. Any good solution about this security issue?
> Thanks
> Xurong Yang 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140626/7a6ccb93/attachment.pgp>

More information about the OpenStack-dev mailing list