cloudstack-issues mailing list archives

From Rafael Weingärtner (JIRA) <>
Subject [jira] [Commented] (CLOUDSTACK-10043) Egress Rule in VPC ACL broken
Date Thu, 10 Aug 2017 16:20:00 GMT


Rafael Weingärtner commented on CLOUDSTACK-10043:

I use ACS 4.9.2 and so far I have not seen this error.
Have you re-created the VR using the new template?
When you say "Creating a Deny All rule", are you talking about using the ACS API, or creating
the rule directly in the VR?

>  Egress Rule in VPC ACL broken
> ------------------------------
>                 Key: CLOUDSTACK-10043
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router, VPC
>    Affects Versions:
>         Environment: CS 4.9.2 with XenServer 6.5SP1
>            Reporter: Francois Scheurer
>            Priority: Blocker
> The Network Offering of the VPC Tier has a Default Egress Policy = Deny.
> Some Allow Rules exist in the ACL, but _ALL_ egress connections are possible.
> Creating an explicit Deny All rule at the end of the rules is actually blocking ALL traffic (should not, because of the Allow rules).
> The Iptables in the VR are wrong:
> 1) the allow rules are in the wrong order.
> 2) some rules are in the mangle table instead of filter.
> Do you know how to fix this?
> Thank you for your help.
> Francois Scheurer

This message was sent by Atlassian JIRA
