Hi, I support, that is a problem. It's unclear, how after removing the option prevent_arp_spoofing, I can manage the prevent ARP spoofing mechanism. Example: I use security groups but I don't want to use ARP spoofing protection. How do I can disable the protection?
2018-03-14 10:26 GMT+03:00 Tatiana Kholkina <holk...@selectel.ru>: > Sure, there is an ability to enable ARP spoofing for the port/network, but > it is impossible to make it enabled by default for all ports. > It looks a bit complicated to me and I think it would be better to have an > ability to set default port security via config file. > > Best regards, > Tatiana > > 2018-03-13 15:10 GMT+03:00 Claudiu Belu <cb...@cloudbasesolutions.com>: > >> Hi, >> >> Indeed ARP spoofing is prevented by default, but AFAIK, if you want it >> enabled for a port / network, you can simply disable the security groups on >> that neutron network / port. >> >> Best regards, >> >> Claudiu Belu >> >> ------------------------------ >> *From:* Татьяна Холкина [holk...@selectel.ru] >> *Sent:* Tuesday, March 13, 2018 12:54 PM >> *To:* openstack-dev@lists.openstack.org >> *Subject:* [openstack-dev] [neutron] Prevent ARP spoofing >> >> Hi, >> I'm using an ocata release of OpenStack where the option >> prevent_arp_spoofing can be managed via conf. But later in pike it was >> removed and it was decided to prevent spoofing by default. >> There are cases where security features should be disabled. As I can see >> now we can use a port_security option for these cases. But this option >> should be set for a particular port or network on create. The default value >> is set to True [1] and itt is impossible to change it. I'd like to >> suggest to get default value for port_security [2] from config option. >> It would be nice to know your opinion. >> >> [1] https://github.com/openstack/neutron-lib/blob/stable/ >> queens/neutron_lib/api/definitions/port_security.py#L21 >> [2] https://github.com/openstack/neutron/blob/stable/queens/ >> neutron/objects/extensions/port_security.py#L24 >> >> Best regards, >> Tatiana >> >> ____________________________________________________________ >> ______________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Best regards, Vadim Ponomarev Developer of network automation department at Selectel Ltd. ---- This message may contain confidential information that can't be distributed without the consent of the sender or the authorized person Selectel Ltd.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev