diff options
| author | Lorenzo Colitti <lorenzo@google.com> | 2014-10-16 00:55:07 +0900 | 
|---|---|---|
| committer | Lorenzo Colitti <lorenzo@google.com> | 2014-10-16 01:16:50 +0900 | 
| commit | 02c7abac856c3e94f4a2714d673cefb65c55efb7 (patch) | |
| tree | ef05718481146d0d5e92e70c8ccec674db427ba3 /docs/html/sdk/api_diff/24 | |
| parent | 0cb7903ddedbbb8a8171926e4460b74af589369d (diff) | |
Don't make lockdown VPN source firewall rules over-broad.
Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.
This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.
Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
Diffstat (limited to 'docs/html/sdk/api_diff/24')
0 files changed, 0 insertions, 0 deletions
