Reviewed: https://review.openstack.org/333829 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0fce3ca2c1641fbcfb8327a86d7225e2c3972263 Submitter: Zuul Branch: master
commit 0fce3ca2c1641fbcfb8327a86d7225e2c3972263 Author: Jens Harbott <[email protected]> Date: Mon Oct 29 17:08:33 2018 +0000 Secure dnsmasq process against external abuse Currently any dhcp agent instance will work as an open resolver. For deployments using publicly routed addresses for tenant networks, this allows the agent being abused in dDoS attacks, see [1]. By setting the `--local-service` option dnsmasq will filter DNS queries and reply only to queries from directly attached networks. [1] https://bugs.launchpad.net/neutron/+bug/1501206 Closes-Bug: 1501206 Change-Id: I76d810aad2ce0f15a88bd798963012fa0efca74e ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1501206 Title: router:dhcp ports are open resolvers To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1501206/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
