[Bug 412664] [NEW] very hard to firewall eucalyptus securely
Chris Jones
chris.jones at canonical.com
Wed Aug 12 18:40:05 UTC 2009
Public bug reported:
Because eucalyptus flushes various netfilter tables on startup and
always appends its rules, it's quite hard to construct a sane and simple
firewall.
For example, in the default setup, nodes have essentially unfettered
access to the local network of the Cloud Controller (I've not verified
it, but it seems like they may even be able to adopt the IP of something
on the LAN).
Typically I would prefer for explicit ACCEPT rules to be added early in
chains, with blanket "and now deny everything else" rules at the end,
but doing this on a CLC is impossible currently and I'm having to jump
through hoops to correctly restrict the access of node controllers and
nodes.
** Affects: eucalyptus (Ubuntu)
Importance: Undecided
Status: New
--
very hard to firewall eucalyptus securely
https://bugs.launchpad.net/bugs/412664
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list