:
This is a security issue with high impact.
We should treat it as a blocker.
-Original Message-
From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
Sent: 30 July 2015 02:07 PM
To: dev@cloudstack.apache.org dev@cloudstack.apache.org
Subject: Re: [Blocker] Default ip table rules
with high impact.
We should treat it as a blocker.
-Original Message-
From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
Sent: 30 July 2015 02:07 PM
To: dev@cloudstack.apache.org dev@cloudstack.apache.org
Subject: Re: [Blocker] Default ip table rules on VR
I see VR
Subject: Re: [Blocker] Default ip table rules on VR
I see VR ingress traffic is blocked by default from iptables mangle
table.
But on the guest interface all the traffic is accepted.
Also egress firewall rule will break because of FORWARD policy.
Thanks,
Jayapal
On 30-Jul-2015
it as a blocker.
-Original Message-
From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
Sent: 30 July 2015 02:07 PM
To: dev@cloudstack.apache.org dev@cloudstack.apache.org
Subject: Re: [Blocker] Default ip table rules on VR
I see VR ingress traffic is blocked by default from
Guys, I see votes here but no arguments. Why is it a blocker?
From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
Sent: 30 July 2015 02:07 PM
To: dev@cloudstack.apache.org dev@cloudstack.apache.org
Subject: Re: [Blocker] Default ip table rules on VR
I see VR ingress traffic
] Default ip table rules on VR
I see VR ingress traffic is blocked by default from iptables mangle table.
But on the guest interface all the traffic is accepted.
Also egress firewall rule will break because of FORWARD policy.
Thanks,
Jayapal
On 30-Jul-2015, at 12:53 PM, Jayapal Reddy Uradi
: 30 July 2015 02:07 PM
To: dev@cloudstack.apache.org dev@cloudstack.apache.org
Subject: Re: [Blocker] Default ip table rules on VR
I see VR ingress traffic is blocked by default from iptables mangle table.
But on the guest interface all the traffic is accepted.
Also egress firewall rule
[mailto:jayapalreddy.ur...@citrix.com]
Sent: 30 July 2015 02:07 PM
To: dev@cloudstack.apache.org dev@cloudstack.apache.org
Subject: Re: [Blocker] Default ip table rules on VR
I see VR ingress traffic is blocked by default from iptables mangle
table.
But on the guest interface all the traffic
I see VR ingress traffic is blocked by default from iptables mangle table.
But on the guest interface all the traffic is accepted.
Also egress firewall rule will break because of FORWARD policy.
Thanks,
Jayapal
On 30-Jul-2015, at 12:53 PM, Jayapal Reddy Uradi
jayapalreddy.ur...@citrix.com
This is a security issue with high impact.
We should treat it as a blocker.
-Original Message-
From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
Sent: 30 July 2015 02:07 PM
To: dev@cloudstack.apache.org dev@cloudstack.apache.org
Subject: Re: [Blocker] Default ip table
I changed it to critical. It is only a blocker if we agree on this
list that it is.
On Thu, Jul 30, 2015 at 6:44 AM, Sanjeev N sanj...@apache.org wrote:
Hi,
In latest ACS builds, the ip table rules in VR have ACCEPT as the default
policy in INPUT and FORWARD chains, instead of DROP.
Created
It is security concern on the VR. All the ingress traffic onto the VR is
accepted.
Let it be blocker.
Thanks,
Jayapal
On 30-Jul-2015, at 12:28 PM, Daan Hoogland daan.hoogl...@gmail.com
wrote:
I changed it to critical. It is only a blocker if we agree on this
list that it is.
On Thu, Jul
Hi,
In latest ACS builds, the ip table rules in VR have ACCEPT as the default
policy in INPUT and FORWARD chains, instead of DROP.
Created a blocker bug for this issue
https://issues.apache.org/jira/browse/CLOUDSTACK-8688
Can somebody please fix it?
Thanks,
Sanjeev
13 matches
Mail list logo