cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-4913) Disable security group for bridge mode non-security group zone
Date Fri, 25 Oct 2013 01:50:01 GMT


ASF subversion and git services commented on CLOUDSTACK-4913:

Commit 7e74851cc99894455037426372aee63c14170491 in branch refs/heads/4.2 from [~yasker]
[;h=7e74851 ]

CLOUDSTACK-4913: Don't enable ebtables/iptables for non-security group zone

> Disable security group for bridge mode non-security group zone
> --------------------------------------------------------------
>                 Key: CLOUDSTACK-4913
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: Sheng Yang
>            Assignee: Sheng Yang
>            Priority: Critical
>             Fix For: 4.2.1
> Currently, if XenServer is switching to bridge mode, CloudStack would automatically enable
security group(apply all kinds of security group rules e.g. iptables and ebtables on it).
But at the time, it wouldn't check if the zone is security group enabled or not.
> If user want to use bridge mode with isolated network(RvR especially), it would have
trouble because security group rules would prevent broadcast from working.
> We need to stop applying security group rules if it's not security group enabled zone.

This message was sent by Atlassian JIRA

View raw message