cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sadhu suresh (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (CLOUDSTACK-2386) SRX:F5: fail to set firewall rule for icmp protocol
Date Tue, 06 Aug 2013 10:53:51 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-2386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

sadhu suresh closed CLOUDSTACK-2386.
------------------------------------


verified this issue(SRX/F5 env) and able to configure the firewall on  ICMP rule.so closing
this issue.


term 10-147-49-103-1 {
    from {
        source-address {
            0.0.0.0/0;
        }
        destination-address {
            10.147.49.103/32;
        }
        protocol tcp;
        destination-port 80-80;
    }
    then {
        count 10-147-49-103-i;
        accept;
    }
}
term 10-147-49-103-2 {
    from {
        source-address {
            0.0.0.0/0;
        }
        destination-address {
            10.147.49.103/32;
        }
        protocol icmp;
        icmp-type 0-255;
        icmp-code 0-255;
    }
    then {
        count 10-147-49-103-i;
        accept;
    }
}

                
> SRX:F5: fail to set firewall rule for icmp protocol 
> ----------------------------------------------------
>
>                 Key: CLOUDSTACK-2386
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2386
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: sadhu suresh
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.2.0
>
>         Attachments: management-server.rar
>
>
> steps:
> 1. create a network offering with src and F5 in line mone
> 2.create a sharednetwork using above NO
> 3.deploy a vm using above shared network
> 4.acquire an IP and enabled static nat
> 5.configure the firewall on tcp protocol  on 80 port
> 6.configure the firewall on ICMP protocol o
> actual result:
> able to configure the firewall on tcp protocol but fail to configure  the firewall on
ICMP protocol
> output of show firewall command for above acquired IP
> root# show firewall filter untrust 
> term 10-147-49-130-8 {
>     from {
>         source-address {
>             0.0.0.0/0;
>         }
>         destination-address {
>             10.147.49.130/32;
>         }
>         protocol tcp;
>         destination-port 80-80;
>     }
>     then {
>         count 10-147-49-130-i;
>         accept;
>     }
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message