[Openstack-security] [Bug 1244025] Re: Remote security group criteria don't work in Midonet plugin

Dave Cahill dcahill at midokura.com
Mon Dec 16 02:56:03 UTC 2013


Jeremy - sure, sounds good. Assuming the user can't contact us and wants
to check directly, that would work. Alternatively, they could check that
the method _sg_ip_addr_group_name() exists in
neutron/plugins/midonet/plugin.py, since that was created as part of the
patch.

Thanks!

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1244025

Title:
  Remote security group criteria don't work in Midonet plugin

Status in OpenStack Neutron (virtual network service):
  New
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
  When creating a security rule that specifies a remote security group
  (rather than a CIDR range), the Midonet plugin does not enforce this
  criterion. With an egress rule, for example, one of the criteria for a
  particular rule may be that only traffic to security group A will be
  allowed out. This criterion is ignored, and traffic will be allowed
  out regardless of the destination security group, provided that it
  conforms to the rule's other criteria.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1244025/+subscriptions




More information about the Openstack-security mailing list