cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pdube <...@git.apache.org>
Subject [GitHub] cloudstack pull request #1581: CLOUDSTACK-9404 Fixed ordering of network ACL...
Date Thu, 02 Jun 2016 17:29:04 GMT
GitHub user pdube opened a pull request:

    https://github.com/apache/cloudstack/pull/1581

    CLOUDSTACK-9404 Fixed ordering of network ACL rules being sent to the VR.

     The comparator was inverted.
    
    Issue: https://issues.apache.org/jira/browse/CLOUDSTACK-9404
    
    In this example, I created rules with the port numbers the same as the rule numbers.
    
    Chain ACL_INBOUND_eth2 (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             225.0.0.50
    ACCEPT     all  --  anywhere             vrrp.mcast.net
    DROP       tcp  --  anywhere             anywhere             tcp dpt:netstat
    DROP       tcp  --  anywhere             anywhere             tcp dpt:10
    DROP       tcp  --  anywhere             anywhere             tcp dpt:5
    DROP       tcp  --  anywhere             anywhere             tcp dpt:3
    DROP       tcp  --  anywhere             anywhere             tcp dpt:2
    DROP       all  --  anywhere             anywhere
    
    We can see above that the rules are inverted.
    
    After the fix:
    
    Chain ACL_INBOUND_eth2 (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             225.0.0.50
    ACCEPT     all  --  anywhere             vrrp.mcast.net
    DROP       tcp  --  anywhere             anywhere             tcp dpt:2
    DROP       tcp  --  anywhere             anywhere             tcp dpt:3
    DROP       tcp  --  anywhere             anywhere             tcp dpt:5
    DROP       tcp  --  anywhere             anywhere             tcp dpt:10
    DROP       tcp  --  anywhere             anywhere             tcp dpt:netstat
    DROP       all  --  anywhere             anywhere


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/pdube/cloudstack network-acl-rules-order

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1581.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1581
    
----

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message