cloudstack-dev mailing list archives

From Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com>
Subject Re: [Blocker] Default ip table rules on VR
Date Thu, 30 Jul 2015 08:37:19 GMT
I see VR ingress traffic is blocked by default from the iptables mangle table.
But on the guest interface all the traffic is accepted.
Also, the egress firewall rule will break because of the FORWARD policy.

Thanks,
Jayapal

On 30-Jul-2015, at 12:53 PM, Jayapal Reddy Uradi <jayapalreddy.uradi@citrix.com> wrote:

> 
> It is a security concern on the VR. All the ingress traffic onto the VR is accepted.
> Let it be a blocker.
> 
> Thanks,
> Jayapal
> 
> On 30-Jul-2015, at 12:28 PM, Daan Hoogland <daan.hoogland@gmail.com>
> wrote:
> 
>> I changed it to critical. It is only a blocker if we agree on this
>> list that it is.
>> 
>> On Thu, Jul 30, 2015 at 6:44 AM, Sanjeev N <sanjeev@apache.org> wrote:
>>> Hi,
>>> 
>>> In the latest ACS builds, the iptables rules in the VR have ACCEPT as the default
>>> policy in INPUT and FORWARD chains, instead of DROP.
>>> 
>>> Created a blocker bug for this issue
>>> https://issues.apache.org/jira/browse/CLOUDSTACK-8688
>>> 
>>> Can somebody please fix it?
>>> 
>>> Thanks,
>>> Sanjeev
>> 
>> 
>> 
>> -- 
>> Daan
> 
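
Added example, not part of the original thread or of CloudStack's code: a check for the condition reported above, run over `iptables-save` output, that lists the filter-table INPUT and FORWARD chains whose default policy is not DROP. The function names and both sample rule dumps are constructed for illustration; on a router the input would come from `iptables-save | check_default_policies`.

```shell
#!/bin/sh
# Reads iptables-save format on stdin and prints "table chain policy" for each
# filter-table INPUT/FORWARD chain whose default policy is anything but DROP.
check_default_policies() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table section
        /^:/  {                                 # ":INPUT ACCEPT [0:0]" declares a chain
            chain = substr($1, 2); policy = $2
            if (table == "filter" && policy != "DROP" &&
                (chain == "INPUT" || chain == "FORWARD"))
                print table, chain, policy
        }
    '
}

# Constructed sample: the state described in the report (ACCEPT defaults).
sample_accept() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:EXAMPLE_CHAIN - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the expected state (DROP defaults on INPUT and FORWARD).
sample_drop() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
```

The check is table-aware: an ACCEPT policy on the mangle table's INPUT chain is not reported, and user-defined chains (policy `-`) are ignored because only built-in chains carry a default policy.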

