You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Ethan Rose (Jira)" <ji...@apache.org> on 2021/10/20 20:38:08 UTC
[jira] [Updated] (HDDS-231) Deny connections from non-local
routable subnets by default
[ https://issues.apache.org/jira/browse/HDDS-231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ethan Rose updated HDDS-231:
----------------------------
Target Version/s: 1.3.0 (was: 1.2.0)
I am managing the 1.2.0 release and we currently have more than 600 issues targeted for 1.2.0. I am moving the target field to 1.3.0.
If you are actively working on this jira and believe this should be targeted for the 1.2.0 release, Please reach out to me via Apache email or Slack.
> Deny connections from non-local routable subnets by default
> -----------------------------------------------------------
>
> Key: HDDS-231
> URL: https://issues.apache.org/jira/browse/HDDS-231
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: Arpit Agarwal
> Priority: Major
>
> Apache Kudu limits unauthorized connections when strong security is disabled:
> bq. When disabled or strong authentication fails for 'optional', by default Kudu will only allow unauthenticated connections from trusted subnets, which are private networks (127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16, 169.254.0.0/16) and local subnets of all local network interfaces. Unauthenticated connections from publicly routable IPs will be rejected.
> See https://kudu.apache.org/docs/security.html.
> We should use a similar approach for Ozone/HDDS.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org