review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Don't allow user to set firewall rule with port and no protocol
author Bertrand Lallau <bertrand.lallau@thalesgroup.com>
Tue, 9 Sep 2014 12:56:59 +0000 (14:56 +0200)
committer Bertrand Lallau <bertrand.lallau@thalesgroup.com>
Wed, 10 Sep 2014 09:47:54 +0000 (11:47 +0200)
commit 6f3ae396ed9a9525d4ca77fb8e9b2857fe79b568
tree 3e8624bec4ef87fb64b9fc438108c76e9def4eb7
parent aaea5dd1c4f396bbd760fa677ced3518149bd6db
Don't allow user to set firewall rule with port and no protocol

Creating firewall rules specifying a destination port and/or a source
port without a protocol generates rules without src or dest port
restriction. This was a real security issue for cloud users.

This patch generates a 400 Bad request "Source/destination port
requires a protocol" in case of creation/update of firewall rules
specifying a destination port and/or a source port and without protocol.

DocImpact
Closes-Bug: #1365961

Change-Id: I4a3a1d9ae7ec4b2a864b3edc83d65ef7f80cbba5
neutron/db/firewall/firewall_db.py
neutron/extensions/firewall.py
neutron/tests/unit/db/firewall/test_db_firewall.py
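
The check the commit message describes, as an added example that is not code from this commit or from Neutron: the names `validate_rule`, `create_rule`, `update_rule`, `status_of` and the dict-based rule shape are assumptions. An update is validated against the stored rule merged with the request, because a partial update can leave a port without a protocol even when the request body alone looks valid.

```python
# Added example with hypothetical names; not Neutron's own code.
class BadRequest(Exception):
    """Stands in for an HTTP 400 Bad Request response."""
    status = 400


PORT_FIELDS = ("source_port", "destination_port")
MSG = "Source/destination port requires a protocol"


def validate_rule(rule):
    """Reject a rule that carries a port but no protocol."""
    has_port = any(rule.get(field) is not None for field in PORT_FIELDS)
    if has_port and not rule.get("protocol"):
        raise BadRequest(MSG)
    return rule


def create_rule(body):
    """Validate a new rule before it would be stored."""
    return validate_rule(dict(body))


def update_rule(stored, changes):
    """Validate the merged result, not only the fields in the request.

    A partial update can clear the protocol of a rule that already has a
    port, or add a port to a rule that never had a protocol.
    """
    merged = dict(stored)
    merged.update(changes)
    return validate_rule(merged)


def status_of(action, *args):
    """Return 200 or 400 for a call, for the constructed cases below."""
    try:
        action(*args)
        return 200
    except BadRequest as exc:
        return exc.status


if __name__ == "__main__":
    # Constructed sample rules.
    stored = {"action": "allow", "protocol": "tcp", "destination_port": "22"}
    print(status_of(create_rule, {"action": "allow", "destination_port": "22"}))
    print(status_of(update_rule, stored, {"protocol": None}))
    print(status_of(update_rule, stored, {"destination_port": "443"}))
```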