** Also affects: neutron/havana
   Importance: Undecided
       Status: New

** Changed in: neutron/havana
       Status: New => Fix Committed

** Changed in: neutron/havana
    Milestone: None => 2013.2.4

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1255338

Title:
  neutron allows security group rules with invalid cidrs

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron havana series:
  Fix Committed
Status in neutron icehouse series:
  New

Bug description:
  Neutron is allowing security group rules having invalid CIDR values in
  the "remote_ip_prefix" parameter. Two examples illustrate the problem:

  $ neutron security-group-rule-create --direction ingress --ethertype ipv4 --protocol tcp --port-range-min 28060 --port-range-max 28069 --remote-ip-prefix badprefix e89783db-2c8c-43fd-927d-51ca66841a42
  Created a new security_group_rule:
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | direction         | ingress                              |
  | ethertype         | IPv4                                 |
  | id                | bdb49ccd-46d0-4090-902c-29412eed1d25 |
  | port_range_max    | 28069                                |
  | port_range_min    | 28060                                |
  | protocol          | tcp                                  |
  | remote_group_id   |                                      |
  | remote_ip_prefix  | badprefix                            |
  | security_group_id | e89783db-2c8c-43fd-927d-51ca66841a42 |
  | tenant_id         | e030326f884445a882dc5ac9991fcc76     |
  +-------------------+--------------------------------------+

  $ neutron security-group-rule-create --direction ingress --ethertype ipv4 --protocol tcp --port-range-min 28060 --port-range-max 28069 --remote-ip-prefix 10.11.12.0/33 e89783db-2c8c-43fd-927d-51ca66841a42
  Created a new security_group_rule:
  +-------------------+--------------------------------------+
  | Field             | Value                                |
  +-------------------+--------------------------------------+
  | direction         | ingress                              |
  | ethertype         | IPv4                                 |
  | id                | 72a7c232-410a-406a-9be0-d7ff9dc56b07 |
  | port_range_max    | 28069                                |
  | port_range_min    | 28060                                |
  | protocol          | tcp                                  |
  | remote_group_id   |                                      |
  | remote_ip_prefix  | 10.11.12.0/33                        |
  | security_group_id | e89783db-2c8c-43fd-927d-51ca66841a42 |
  | tenant_id         | e030326f884445a882dc5ac9991fcc76     |
  +-------------------+--------------------------------------+

  If I were to use the "nova secgroup-rule-add" command instead of the
  neutron commands, the nova api server returns errors to the
  python-novaclient for both cases.
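
Added example (not part of the bug report and not neutron's actual fix): a server-side check that would reject both prefixes shown above before a rule is stored. It uses Python's standard ipaddress module; the helper names, the InvalidRule exception and the sample rule dicts are assumptions made for illustration.

```python
import ipaddress

ETHERTYPE_VERSION = {"ipv4": 4, "ipv6": 6}


class InvalidRule(ValueError):
    """Raised when a security group rule fails validation (hypothetical)."""


def validate_remote_ip_prefix(prefix, ethertype):
    """Return the canonical CIDR for prefix, or raise InvalidRule."""
    version = ETHERTYPE_VERSION.get(str(ethertype).lower())
    if version is None:
        raise InvalidRule("unknown ethertype: %r" % (ethertype,))
    # ip_network() also accepts ints and bytes; API input must be a string.
    if not isinstance(prefix, str) or not prefix.strip():
        raise InvalidRule("remote_ip_prefix must be a non-empty string")
    try:
        # strict=False accepts host bits (10.11.12.5/24) and masks them off,
        # so the stored value names the network the rule really matches.
        net = ipaddress.ip_network(prefix.strip(), strict=False)
    except ValueError as exc:
        raise InvalidRule("invalid CIDR %r: %s" % (prefix, exc))
    if net.version != version:
        raise InvalidRule("%s is IPv%d but ethertype is %s"
                          % (net, net.version, ethertype))
    return str(net)


def check_rules(rules):
    """Split rules into (accepted with canonical CIDR, rejected with reason)."""
    accepted, rejected = [], []
    for rule in rules:
        try:
            cidr = validate_remote_ip_prefix(rule["remote_ip_prefix"],
                                             rule["ethertype"])
            accepted.append(dict(rule, remote_ip_prefix=cidr))
        except InvalidRule as exc:
            rejected.append((rule["remote_ip_prefix"], str(exc)))
    return accepted, rejected


# Constructed sample input: the two prefixes from the report plus two controls.
SAMPLE_RULES = [
    {"ethertype": "ipv4", "remote_ip_prefix": "badprefix"},
    {"ethertype": "ipv4", "remote_ip_prefix": "10.11.12.0/33"},
    {"ethertype": "ipv4", "remote_ip_prefix": "10.11.12.5/24"},
    {"ethertype": "ipv4", "remote_ip_prefix": "2001:db8::/32"},
]
```

The address-family check matters as much as the syntax check: a well-formed IPv6 prefix on an IPv4 rule would otherwise be stored and could not match the traffic the rule claims to cover.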