Public bug reported:

If we use an invalid CIDR as the source_ip_address, such as 2:3dc2:c893:514a:966b:7969:42b0:00900/108, it can still be successfully submitted after creating a firewall rule. The main reason is that netaddr formats this address.

The command is like:

  openstack firewall group rule create --ip-version 6 --source-ip-address 2:3dc2:c893:514a:966b:7969:42b0:00900/108

netaddr would format the CIDR address, and debugging shows:

  >>> import netaddr
  >>> ii=netaddr.IPNetwork('2:3dc2:c893:514a:966b:7969:42b0:00900/108')
  >>> ii
  IPNetwork('2:3dc2:c893:514a:966b:7969:42b0:900/108')
  >>> ii.version
  6

I found a similar issue for security groups, which has a good solution to fix it [1]. Therefore, I think a fix is also needed for firewall group rules.

[1] https://bugs.launchpad.net/neutron/+bug/1869129

** Affects: neutron
     Importance: Undecided
         Status: New

** Tags: fwaas

** Description changed: If we use an invalid CIDR as the source_ip_address, such as 2:3dc2:c893:514a:966b:7969:42b0:00900/108, it can still be successfully submitted after creating a firewall rule. The main reason is that netaddr formats this address. The command is like: openstack firewall group rule create --ip-version 6 --source-ip-address 2:3dc2:c893:514a:966b:7969:42b0:00900/108 netaddr would format the CIDR address, and debugging shows: >>> import netaddr >>> ii=netaddr.IPNetwork('2:3dc2:c893:514a:966b:7969:42b0:00900/108') >>> ii IPNetwork('2:3dc2:c893:514a:966b:7969:42b0:900/108') >>> ii.version 6 I found a similar issue for security groups, which has a good solution - to fix it . Therefore, I think a fix is also needed for firewall group - rules. + to fix it[1] . Therefore, I think a fix is also needed for firewall + group rules. [1]https://bugs.launchpad.net/neutron/+bug/1869129

** Tags added: fwaas

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2077596

Title:
  [rfe][fwaas] Add normalized_cidr column to firewall rules

Status in neutron:
  New
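Added example, not part of the original bug report and not neutron or neutron-fwaas code: a strict check built on Python's standard-library ipaddress module (swapped in here for netaddr). It rejects the over-long group in the reported address and returns the submitted text next to a normalized CIDR, in the spirit of the normalized_cidr column named in the bug title. The names validate_rule_cidr and CidrCheck are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class CidrCheck(NamedTuple):
    submitted: str    # text exactly as the API caller sent it
    normalized: str   # canonical network CIDR with host bits cleared
    rewritten: bool   # True when storing 'normalized' would change the text


def validate_rule_cidr(value: str, ip_version: int) -> CidrCheck:
    """Validate a firewall-rule CIDR strictly and compute its normalized form.

    Raises ValueError for text that is not a well-formed address/prefix
    (for example an IPv6 group longer than four hex digits) or whose
    address family does not match the rule's ip_version.
    """
    try:
        # ip_interface() tolerates host bits but not malformed groups.
        iface = ipaddress.ip_interface(value)
    except ValueError as exc:
        raise ValueError(f"invalid CIDR {value!r}: {exc}") from exc
    if iface.version != ip_version:
        raise ValueError(
            f"CIDR {value!r} is IPv{iface.version}, rule is IPv{ip_version}")
    normalized = str(iface.network)
    # Plain string comparison: any textual change counts, including
    # cleared host bits, hex case and zero compression.
    return CidrCheck(value, normalized, value != normalized)


if __name__ == "__main__":
    # Constructed sample inputs; the first is the address from the report.
    samples = [
        ("2:3dc2:c893:514a:966b:7969:42b0:00900/108", 6),
        ("2:3dc2:c893:514a:966b:7969:42b0:900/108", 6),
        ("10.0.0.0/24", 4),
    ]
    for text, version in samples:
        try:
            print(validate_rule_cidr(text, version))
        except ValueError as err:
            print("rejected:", err)
```
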