088884c731
The 'docs' tox target executes the doc8 lint test which may result in failures when testing documentation builds, but OpenStack-CI does not execute that tox target. In order to ensure that we catch all standard documentation syntax errors and prevent them from merging, this patch includes the docs target in the 'linters' chain of tests. Fixes for any failures which result from executing this test are also included in the patch. Change-Id: I80c2ce387e59a30c34bf2252a54037c00b420380
989 B
Exception
Filtering IPv6 traffic is left up to the deployer to implement. The openstack-ansible roles don't configure IPv6 (at this time) and adding persistent ip6tables rules could harm a running system.
However, deployers are strongly recommended to implement IPv6 filtering at the edges of the network via network devices. In addition, deployers should be aware that link-local IPv6 addresses are configured automatcally by the system and those addresses could open up new network paths for future attacks.
For example, if IPv4 access was tightly controlled and segmented, hosts and/or containers could possibly communicate across these boundaries using IPv6 link-local addresses. For more detailed information on this security topic, review Cisco's documentation titled IPv6 Security Brief that is available on their website.