cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8650) When using security groups, adding an ingress rule for protocol "all" for source cidr 0.0.0.0/0 is impossible
Date Thu, 23 Jul 2015 06:37:05 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14638288#comment-14638288
] 

ASF subversion and git services commented on CLOUDSTACK-8650:
-------------------------------------------------------------

Commit 4705d75d4a7fd58def45ec3e70ed5118e0334cf7 in cloudstack's branch refs/heads/master from
[~franklouwers]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=4705d75 ]

CLOUDSTACK-8650: Fix securitygroups ingress FW for protocol any and 0.0.0.0/0

Change way 0.0.0.0/0 + all is handles, as per feedback in Slack channel

Signed-off-by: wilderrodrigues <wrodrigues@schubergphilis.com>


> When using security groups, adding an ingress rule for protocol "all" for source cidr
0.0.0.0/0 is impossible
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8650
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8650
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Frank Louwers
>            Priority: Minor
>
> While it is possible to add ingress rules for tcp, udp and icmp for source range 0.0.0.0/0,
it is currently impossible to add a rule for protocol all for source range 0.0.0.0/0.
> So these work (using eg cloudmonkey):
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/0" protocol=tcp
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/0" protocol=icmp
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/1" protocol=all
>   * authorize securitygroupingress securitygroupid=$id cidrlist="128.0.0.0/1" protocol=all
> But this doesn't work:
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/0" protocol=all
> Fix is in https://github.com/apache/cloudstack/pull/601



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message