Return-Path: 
 <dev-return-50948-apmail-cloudstack-dev-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-dev-archive@www.apache.org
Delivered-To: apmail-cloudstack-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id CC31910DFF
	for <apmail-cloudstack-dev-archive@www.apache.org>;
 Tue, 28 Jan 2014 10:31:33 +0000 (UTC)
Received: (qmail 22834 invoked by uid 500); 28 Jan 2014 10:31:33 -0000
Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org
Received: (qmail 22424 invoked by uid 500); 28 Jan 2014 10:31:31 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 22416 invoked by uid 99); 28 Jan 2014 10:31:31 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Jan 2014 10:31:31 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [217.19.15.108] (HELO ro.nux.ro) (217.19.15.108)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Jan 2014 10:31:25 +0000
Received: from webmail.nux.ro (localhost [127.0.0.1])
	by ro.nux.ro (Postfix) with ESMTP id 2DAD819F6A5
	for <dev@cloudstack.apache.org>; Tue, 28 Jan 2014 10:31:05 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=li.nux.ro; s=dkimnux;
	t=1390905065; bh=MCRZzVr0h1hT5tA3zszHcHX+U0X7pQGTwfJgQ4Rm0SQ=;
	h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:From:To:
	 Subject:In-Reply-To:References:Message-ID;
	b=RZ7Y6drudAixYm4o1zrlH1s81T2WQ/23MYmB0fFHy21f/EPZssDBM0zFdrfHgPQaA
	 cqRQRVgp3V1F8sNdDfGoPMl0j/8/DW67wj80BPTgLErZch77gb6zruMO69P0tpfSO1
	 azvmD4ziOsZu/xoQi2bLzmOxG7S6Mkl39dtxK0uU=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 28 Jan 2014 10:31:05 +0000
From: Nux! <nux@li.nux.ro>
To: dev@cloudstack.apache.org
Subject: Re: Useless egress in SG =?UTF-8?Q?zone=3F?=
In-Reply-To: <A70E34D7-71DD-4A47-A34C-74A7709871A4@citrix.com>
References: <4ec7d678cb622f728a3a06285d31bed2@li.nux.ro>
 <CALFpzo57sOdSTz9goPiCo-i+a-Equ35F-M9AzDStwVSdnx_VTw@mail.gmail.com>
 <11ccf3bcaffade28a44ca8fb07551c7c@li.nux.ro>
 <A70E34D7-71DD-4A47-A34C-74A7709871A4@citrix.com>
Message-ID: <a7bcc772c9b1b0bcd168427bcd7622e3@li.nux.ro>
X-Sender: nux@li.nux.ro
User-Agent: Roundcube Webmail/0.9-beta
X-Virus-Checked: Checked by ClamAV on apache.org

On 28.01.2014 05:20, Jayapal Reddy Uradi wrote:
> Hi Nux,
> 
> 
> 1. By default we are allowing egress in SG.
> 2. But when you configure any rule in egress, it allows ONLY
> configured rule traffic and other traffic will be BLOCKED.
> 
> If admin wants allow to only specific ports/addresses this can be
> done by configuring SG egress rules.
> 
> In my firewalls, the default egress is allow for trusted networks.
> 
> Thanks,
> Jayapal

Thanks a lot Jayapal, this makes sense. What was confusing me is that 
in a Basic zone (hence SG) with Xenserver this is not working.
I can confirm it is working in an adv zone + SG with KVM.

Regards,
Lucian

-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro