Event report mechanism to security groups for dropped packets
The current implementation of security groups (using iptables) does not report packet drops in these scenarios:
- Protecting against IP/MAC spoofing, i.e. connection attempts from another MAC/IP address.
- Dropping all packets that do not match an "allow" rule.
Event reporting can help to detect misconfiguration, as well as provide data for external applications that do network activity analysis and threat detection.
This blueprint proposes to add an event report mechanism to the security group definition.
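As an added example (not part of this blueprint or of Neutron's code), a small parser that turns such drop events into structured records an external analysis tool could consume. It assumes the drops are made visible by an iptables LOG rule placed before each DROP, with hypothetical log prefixes distinguishing the two scenarios; the kernel-log sample lines are constructed.

```python
import re
from collections import Counter

# Hypothetical --log-prefix values assumed on a LOG rule placed just before
# each DROP in the security-group chains (an assumption, not Neutron's own).
PREFIX_REASON = {
    "SG-SPOOF-DROP": "ip_mac_spoofing",
    "SG-DEFAULT-DROP": "no_matching_allow_rule",
}

# Fields of interest in the kernel-log line format written by the iptables LOG target.
LOG_RE = re.compile(
    r"kernel:.*?(?P<prefix>SG-[A-Z]+-DROP): IN=(?P<dev>\S*) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

# Constructed sample lines in the shape the kernel writes for the LOG target.
SAMPLE_LOG = """\
Jun 10 12:00:01 compute1 kernel: [1.0] SG-SPOOF-DROP: IN=tap1 OUT= MAC=fa:16:3e:00:00:01:fa:16:3e:00:00:02:08:00 SRC=10.0.0.99 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=44444 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 10 12:00:02 compute1 kernel: [2.0] SG-DEFAULT-DROP: IN=tap1 OUT= MAC=fa:16:3e:00:00:01:fa:16:3e:00:00:03:08:00 SRC=10.0.0.7 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=51000 DPT=3306 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 10 12:00:03 compute1 kernel: [3.0] SG-DEFAULT-DROP: IN=tap1 OUT= MAC=fa:16:3e:00:00:01:fa:16:3e:00:00:03:08:00 SRC=10.0.0.7 DST=10.0.0.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Jun 10 12:00:04 compute1 kernel: [4.0] unrelated kernel message
"""


def parse_drop_events(text):
    """Turn raw kernel-log text into structured drop events; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "reason": PREFIX_REASON.get(d["prefix"], "unknown"),
            "dev": d["dev"], "src": d["src"], "dst": d["dst"],
            "proto": d["proto"],
            # ICMP lines carry no ports, so dport stays None for them.
            "dport": int(d["dpt"]) if d["dpt"] else None,
        })
    return events


def summarize(events):
    """Count drops per (reason, source address, destination port) for a quick overview."""
    return Counter((e["reason"], e["src"], e["dport"]) for e in events)
```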
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: Lionel Zerbib
- Direction: Needs approval
- Assignee: Lionel Zerbib
- Definition: Superseded
- Series goal: Proposed for liberty
- Implementation: Beta Available
- Milestone target: None
- Started by: Lionel Zerbib
- Completed by: Armando Migliaccio
Whiteboard
There's https:/
Gerrit topic: https:/
Addressed by: https:/
RST for blueprint security-
Addressed by: https:/
Add events on dropped packets by security groups firewall.