> For instance, to reach port1 on net1, all I have to do is create a network
> with a CIDR with some overlap with net1's, and then wait until a VM is
> created with an IP that exists also on net1 - and then jackpot, that VM
> will basically have access to all of net1's instances?
No, it's not quite that b
Kevin,
On 8 June 2015 at 23:52, Kevin Benton wrote:
> There is a bug in security groups here:
> https://bugs.launchpad.net/neutron/+bug/1359523
>
> In the example scenario, it's caused by conntrack zones not being
> isolated. But it also applies to the following scenario that can't be
> solved b
There is a bug in security groups here:
https://bugs.launchpad.net/neutron/+bug/1359523
In the example scenario, it's caused by conntrack zones not being isolated.
But it also applies to the following scenario that can't be solved by zones:
create two networks with same 10.0.0.0/24
create port1 i