You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/09/23 08:56:20 UTC
[jira] [Commented] (CLOUDSTACK-6432) Prevent VR from response to
DNS request from outside of network
[ https://issues.apache.org/jira/browse/CLOUDSTACK-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15515849#comment-15515849 ]
ASF GitHub Bot commented on CLOUDSTACK-6432:
--------------------------------------------
Github user s-seitz commented on the issue:
https://github.com/apache/cloudstack/pull/1663
After patching our systemvm.iso and the respective routers, I've noticed the iptables rules changed as given in CsAddress.py. These rules don't get any packets since two identical (but unpatched) rules apply before. I found these in CsApp.py.
> Prevent VR from response to DNS request from outside of network
> ---------------------------------------------------------------
>
> Key: CLOUDSTACK-6432
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6432
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Affects Versions: 4.4.0, 4.5.0
> Reporter: Sheng Yang
> Assignee: Sheng Yang
> Fix For: 4.4.0, 4.5.0
>
>
> In basic and shared network, VR use private network nic for dhcp/dns services. But if private network is on the internet as well, it would make VR facing outside network.
> We would restrain the VR DNS service inside CloudStack managed network.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)