opennebula-4.12.1-nospoofnoip.diff

Do not allow any IP to be used if no IP is set on the host and anti-spoofing is enabled. - Roy Keene, 12/21/2015 04:50 PM



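--- a/src/vnm_mad/remotes/lib/security_groups_iptables.rb
+++ b/src/vnm_mad/remotes/lib/security_groups_iptables.rb
@@ -271,7 +271,12 @@
 
         # IP-spofing
         if nic[:filter_ip_spoofing] == "YES"
-            commands.add :iptables, "-A #{chain_out} ! --source #{nic[:ip]} -j DROP"
+            if !nic[:ip].nil? and !nic[:ip].empty?
+                commands.add :iptables, "-A #{chain_out} ! --source #{nic[:ip]} -j DROP"
+            else
+                # If there are no IPv4 addresses allowed, block all IPv4 addresses
+                commands.add :ip6tables, "-A #{chain_out} --source 0.0.0.0/0 -j DROP"
+            end
         end
 
         # Related, Established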
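Review bot: The new else branch installs its drop rule through `:ip6tables` with an IPv4 source (`--source 0.0.0.0/0`), so the fail-closed case described by the comment above it is probably not enforced: ip6tables does not filter IPv4 packets and would be expected to reject an IPv4 address outright. A NIC with anti-spoofing enabled and no IP set could then still send IPv4 traffic from any source address, which is the situation the patch description sets out to prevent. The rule should go to the IPv4 table instead, e.g. `commands.add :iptables, "-A #{chain_out} -j DROP"`. The enclosing method starts and ends outside the hunk, so how a failed rule installation is handled is not visible here.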