|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-bugs] [Bug 914] New: /etc/xen/scripts/vif-bridge shouldn't call handle_iptable
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=914 Summary: /etc/xen/scripts/vif-bridge shouldn't call handle_iptable Product: Xen Version: 3.0.4 Platform: x86-64 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: Tools AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx ReportedBy: jarkko@xxxxxxxxxxxxx /etc/xen/scripts/vif-bridge should not call "handle_iptable" (from /etc/xen/scripts/vif-common.sh) which sets iptables forwarding rules because a bridge is not a router. No iptables rules are needed for bridging (and iptables forwarding rules don't even affect how the bridge works). Having that "handle_iptable" call in the vif-bridge script is apparently a simple coding mistake. This unnecessary call opens a security hole to the firewall. The handle_iptable call should be simply removed from /etc/xen/scripts/vif-bridge. -- Configure bugmail: http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. _______________________________________________ Xen-bugs mailing list Xen-bugs@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-bugs
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |