Sure, there is an ability to enable ARP spoofing for the port/network, but it is impossible to make it enabled by default for all ports. It looks a bit complicated to me and I think it would be better to have an ability to set default port security via config file.
Best regards, Tatiana 2018-03-13 15:10 GMT+03:00 Claudiu Belu <cb...@cloudbasesolutions.com>: > Hi, > > Indeed ARP spoofing is prevented by default, but AFAIK, if you want it > enabled for a port / network, you can simply disable the security groups on > that neutron network / port. > > Best regards, > > Claudiu Belu > > ------------------------------ > *From:* Татьяна Холкина [holk...@selectel.ru] > *Sent:* Tuesday, March 13, 2018 12:54 PM > *To:* openstack-dev@lists.openstack.org > *Subject:* [openstack-dev] [neutron] Prevent ARP spoofing > > Hi, > I'm using an ocata release of OpenStack where the option > prevent_arp_spoofing can be managed via conf. But later in pike it was > removed and it was decided to prevent spoofing by default. > There are cases where security features should be disabled. As I can see > now we can use a port_security option for these cases. But this option > should be set for a particular port or network on create. The default value > is set to True [1] and itt is impossible to change it. I'd like to > suggest to get default value for port_security [2] from config option. > It would be nice to know your opinion. > > [1] https://github.com/openstack/neutron-lib/blob/ > stable/queens/neutron_lib/api/definitions/port_security.py#L21 > [2] https://github.com/openstack/neutron/blob/stable/ > queens/neutron/objects/extensions/port_security.py#L24 > > Best regards, > Tatiana > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev