cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-10043) Egress Rule in VPC ACL broken
Date Wed, 22 Nov 2017 11:25:00 GMT


ASF GitHub Bot commented on CLOUDSTACK-10043:

rhtyd commented on issue #2323: CLOUDSTACK-10043: fix restore default drop for egress rules
in ACL
   @resmo are you planning to work on option 3 (from dev@ ML) or go with this change (drop
by default) ?

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

>  Egress Rule in VPC ACL broken
> ------------------------------
>                 Key: CLOUDSTACK-10043
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router, VPC, XenServer
>    Affects Versions:
>         Environment: Cloudstack
> XenServer 6.5SP1
> Zone with Advanced Network
>            Reporter: Francois Scheurer
>            Assignee: René Moser
>            Priority: Blocker
> The Network Offering of the VPC Tier has a Default Egress Policy = Deny.
> Some Allow Rules exist in the ACL, but _ALL_ egress connections are possible.
> Creating a Deny All rule explicit at the end of the rules is actually blocking ALL traffic
(should not, because of the Allow rules).
> The Iptables in the VR are wrong:
> 1) the allow & deny rules are in wrong order.
> 2) some rules are in mangle table instead of filter
> Do you know how to fix this?
> Thank you for your help.
> Francois Scheurer

This message was sent by Atlassian JIRA

View raw message