Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
** Also affects: ossa Importance: Undecided Status: New ** Changed in: ossa Status: New => Incomplete ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1818385 Title: It's possible to add a security group rule for VRRP with a dport Status in neutron: In Progress Status in OpenStack Security Advisory: Incomplete Bug description: This command should be invalid, but Neutron (Rocky) allows it to be created. > openstack security group rule create xxx --protocol vrrp --ingress --remote-ip <ip> --dst-port 112 Since iptables does not allow dst-port being passed. It would trigger the following error on the compute. > unknown option "--dport" I would have created this as a security vulnerability, but it's already been mentioned on IRC. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1818385/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp