cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Kinsella (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-6820) VPC router ICMP acl
Date Tue, 03 Jun 2014 14:45:04 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-6820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

John Kinsella updated CLOUDSTACK-6820:
--------------------------------------

    Security: Public  (was: Non-Public)

> VPC router ICMP acl
> -------------------
>
>                 Key: CLOUDSTACK-6820
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6820
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router
>    Affects Versions: 4.3.0
>            Reporter: Thijs Houtenbos
>            Priority: Minor
>              Labels: security
>
> There is a default allow icmp any any on the VPC router vm which cannot be controlled
with the network ACLs. This makes it impossible to block certain icmp traffic.
> root@r-4135-VM:~# iptables -L -v | grep icmp
> 10784  901K ACCEPT     icmp --  any    any     anywhere             anywhere



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message