Don't make lockdown VPN source firewall rules over-broad.

Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.

This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.

Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12

0 files changed, 0 insertions, 0 deletions