Comment 0 for bug 1255338

Stephen Ma (stephen-ma) wrote :

Neutron is allowing security group rules having invalid CIDR values in the "remote_ip_prefix" parameter.

Two examples illustrate the problem:
$ neutron security-group-rule-create --direction ingress --ethertype ipv4 --protocol tcp --port-range-min 28060 --port-range-max 28069 --remote-ip-prefix badprefix e89783db-2c8c-43fd-927d-51ca66841a42
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | bdb49ccd-46d0-4090-902c-29412eed1d25 |
| port_range_max | 28069 |
| port_range_min | 28060 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_prefix | badprefix |
| security_group_id | e89783db-2c8c-43fd-927d-51ca66841a42 |
| tenant_id | e030326f884445a882dc5ac9991fcc76 |
+-------------------+--------------------------------------+

$ neutron security-group-rule-create --direction ingress --ethertype ipv4 --protocol tcp --port-range-min 28060 --port-range-max 28069 --remote-ip-prefix 10.11.12.0/33 e89783db-2c8c-43fd-927d-51ca66841a42
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 72a7c232-410a-406a-9be0-d7ff9dc56b07 |
| port_range_max | 28069 |
| port_range_min | 28060 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_prefix | 10.11.12.0/33 |
| security_group_id | e89783db-2c8c-43fd-927d-51ca66841a42 |
| tenant_id | e030326f884445a882dc5ac9991fcc76 |
+-------------------+--------------------------------------+

If I were to use "nova secgroup-rule-add" instead of the neutron commands, the nova API server returns errors to python-novaclient in both cases.
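For comparison, the following is an added example (written for this page, not Neutron's or Nova's own code) of the kind of input validation the report says is missing: it parses the supplied `remote_ip_prefix` with Python's standard `ipaddress` module, rejects both inputs from the report (`badprefix` and `10.11.12.0/33`), and also refuses a prefix whose address family does not match the rule's `ethertype`. The function and exception names are assumptions chosen for the example.

```python
import ipaddress

# Added example: validator for a security-group rule's remote_ip_prefix.
# This is illustrative code written for this bug page, not Neutron's own
# validation logic; names are assumptions.

class InvalidRemoteIpPrefix(ValueError):
    """Raised when remote_ip_prefix is not a usable CIDR for the rule."""

# Map the rule's ethertype to the IP version its prefix must belong to.
_ETHERTYPE_VERSION = {"ipv4": 4, "ipv6": 6}

def validate_remote_ip_prefix(prefix, ethertype):
    """Return the normalized CIDR for prefix, or raise InvalidRemoteIpPrefix.

    prefix:    the user-supplied remote_ip_prefix string, e.g. "10.11.12.0/24"
    ethertype: "IPv4" or "IPv6" (case-insensitive)
    """
    version = _ETHERTYPE_VERSION.get(str(ethertype).lower())
    if version is None:
        raise InvalidRemoteIpPrefix("unsupported ethertype %r" % (ethertype,))
    try:
        # strict=False tolerates host bits being set (10.11.12.5/24) and
        # normalizes to the network address; a prefix length wider than the
        # address (e.g. /33 for IPv4) or a non-address string still fails.
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError as exc:
        raise InvalidRemoteIpPrefix("%r is not a valid CIDR: %s" % (prefix, exc))
    if net.version != version:
        raise InvalidRemoteIpPrefix(
            "%r is IPv%d but the rule's ethertype is %s" % (prefix, net.version, ethertype))
    return str(net)

def is_valid_remote_ip_prefix(prefix, ethertype):
    """Boolean convenience wrapper around validate_remote_ip_prefix."""
    try:
        validate_remote_ip_prefix(prefix, ethertype)
        return True
    except InvalidRemoteIpPrefix:
        return False

if __name__ == "__main__":
    # Constructed inputs: the two values from the report plus a few others.
    samples = [
        ("badprefix", "IPv4"),
        ("10.11.12.0/33", "IPv4"),
        ("10.11.12.0/24", "IPv4"),
        ("10.11.12.5/24", "IPv4"),
        ("2001:db8::/32", "IPv4"),
        ("2001:db8::/32", "IPv6"),
    ]
    for prefix, ethertype in samples:
        try:
            print("%-16s %-4s -> accepted as %s" % (prefix, ethertype,
                  validate_remote_ip_prefix(prefix, ethertype)))
        except InvalidRemoteIpPrefix as exc:
            print("%-16s %-4s -> rejected: %s" % (prefix, ethertype, exc))
```

Running the block prints one line per sample; the two values from the report are rejected while the well-formed IPv4 prefixes are accepted and normalized. Checking the family against `ethertype` matters because an IPv6 prefix attached to an IPv4 rule would otherwise be stored without ever matching any traffic.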