WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-bugs

[Xen-bugs] [Bug 914] New: /etc/xen/scripts/vif-bridge shouldn't call han

To: xen-bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-bugs] [Bug 914] New: /etc/xen/scripts/vif-bridge shouldn't call handle_iptable
From: bugzilla-daemon@xxxxxxxxxxxxxxxxxxx
Date: Thu, 1 Mar 2007 15:55:48 -0800
Delivery-date: Thu, 01 Mar 2007 16:10:31 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-bugs-request@lists.xensource.com?subject=help>
List-id: Xen Bugzilla <xen-bugs.lists.xensource.com>
List-post: <mailto:xen-bugs@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-bugs>, <mailto:xen-bugs-request@lists.xensource.com?subject=unsubscribe>
Reply-to: bugs@xxxxxxxxxxxxxxxxxx
Sender: xen-bugs-bounces@xxxxxxxxxxxxxxxxxxx
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=914

           Summary: /etc/xen/scripts/vif-bridge shouldn't call
                    handle_iptable
           Product: Xen
           Version: 3.0.4
          Platform: x86-64
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Tools
        AssignedTo: xen-bugs@xxxxxxxxxxxxxxxxxxx
        ReportedBy: jarkko@xxxxxxxxxxxxx


/etc/xen/scripts/vif-bridge should not call "handle_iptable" (from
/etc/xen/scripts/vif-common.sh) which sets iptables forwarding rules because a
bridge is not a router. No iptables rules are needed for bridging (and iptables
forwarding rules don't even affect how the bridge works).

Having that "handle_iptable" call in the vif-bridge script is apparently a
simple coding mistake. This unnecessary call opens a security hole to the
firewall.

The handle_iptable call should be simply removed from
/etc/xen/scripts/vif-bridge.


-- 
Configure bugmail: 
http://bugzilla.xensource.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
Xen-bugs mailing list
Xen-bugs@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-bugs
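
An added example, not part of the original report or of the Xen scripts: a shell audit for the condition the report describes. It flags active handle_iptable calls in a hotplug script and lists FORWARD ACCEPT rules keyed on a vif bridge port; the rule shape (`-m physdev --physdev-in vifN.M -j ACCEPT`) is an assumption, since the report does not show it, and all function names and sample data are constructed.

```shell
# Print "LINE: TEXT" for each active (uncommented) handle_iptable call in the
# script text read on stdin. Comments and the function definition are skipped.
active_handle_iptable_calls() {
    awk '
        /^[ \t]*#/ { next }
        { line = $0; sub(/[ \t]#.*/, "", line) }
        line ~ /^[ \t]*(function[ \t]+)?handle_iptable[ \t]*\(\)/ { next }
        line ~ /(^|[^A-Za-z0-9_])handle_iptable([^A-Za-z0-9_]|$)/ { print NR ": " $0 }
    '
}

# Read `iptables -S FORWARD` output on stdin and print ACCEPT rules that match
# on a vif* bridge port. Assumed shape of the rules handle_iptable inserts.
vif_forward_accepts() {
    awk '
        $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ {
            for (i = 3; i < NF; i++)
                if ($i == "--physdev-in" && $(i + 1) ~ /^vif[0-9]+\.[0-9]+$/) { print; break }
        }
    '
}

# Constructed stand-in for a vif-bridge style script (not the real file).
sample_vif_script() {
    cat <<'EOF'
. "$dir/vif-common.sh"
# handle_iptable is defined in vif-common.sh
add_to_bridge "$bridge" "$vif"
handle_iptable
EOF
}

# Constructed `iptables -S FORWARD` output for a dom0 with two guests.
sample_forward_rules() {
    cat <<'EOF'
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m physdev --physdev-in vif3.0 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -s 192.0.2.10/32 -m physdev --physdev-in vif4.0 -j ACCEPT
EOF
}

sample_vif_script | active_handle_iptable_calls
sample_forward_rules | vif_forward_accepts
```

On a dom0, feed the functions real input instead: `active_handle_iptable_calls < /etc/xen/scripts/vif-bridge` and `iptables -S FORWARD | vif_forward_accepts`.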
