cloudstack-users mailing list archives

From Simon Weller <swel...@ena.com>
Subject Re: Re[7]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
Date Tue, 25 Oct 2016 14:39:46 GMT
David,


Can you post your question to the dev list?

You're more likely to get a response there.


- Si


________________________________
From: David Amorín <david.amorin@adderglobal.com>
Sent: Tuesday, October 25, 2016 9:23 AM
To: users@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re[7]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)

Sorry to bring up an old question, just want to ask again if somebody
can confirm this issue (inverted order of the ACL rules) with CS 4.9 and
VPC router version 4.6

Thanks,

David

------ Original message ------
From: "David Amorín" <david.amorin@adderglobal.com>
To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>
Sent: 17/10/2016 11:16:03
Subject: Re[6]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)

>Hi,
>I did a couple more tests and I can confirm the issue
>(CLOUDSTACK-9404) still happens with the version CS 4.9 using the VPC
>router version 4.6
>
>See an example:
>
>I have an egress rule like the following:
>Rule number: 101, CIDR: 8.8.8.8/32, Action: Allow, Traffic Type: Egress, Protocol: ICMP, ICMPtype: -1, ICMPCode: -1
>
>Then I add this rule:
>Rule number: 1002, CIDR: 0.0.0.0/0, Action: Deny, Traffic Type: Egress, Protocol: ALL
>
>Checking the VR, in file /etc/iptables/router_rules.v4, the rules are
>applied in the wrong order:
>-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
>-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
>-A ACL_OUTBOUND_eth2 -j DROP
>-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
>
>
>But then if I restart the VPC and clean up, I check iptables again and
>now the order is correct:
>-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
>-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
>-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
>-A ACL_OUTBOUND_eth2 -j DROP
>
>Is the VPC router version 4.6 the latest one?
>
>I would really appreciate it if somebody else can confirm this issue
>
>Best,
>
>David
>
>------ Original message ------
>From: "Simon Weller" <sweller@ena.com>
>To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>;
>"David Amorín" <david.amorin@adderglobal.com>
>Sent: 05/10/2016 18:35:48
>Subject: Re: Re[4]: Network ACL rules in VPCs are applied in an inverted
>order (CLOUDSTACK-9404)
>
>>Try doing a restart with network cleanup and see if that fixes your
>>problem. The fixes are in the system iso and that will require a
>>redeploy.
>>
>>
>>
>>- Si
>>
>>
>>--------------------------------------------------------------------------------
>>From: David Amorín <david.amorin@adderglobal.com>
>>Sent: Wednesday, October 5, 2016 11:18 AM
>>To: Simon Weller; users@cloudstack.apache.org
>>Subject: Re[4]: Network ACL rules in VPCs are applied in an inverted
>>order (CLOUDSTACK-9404)
>>
>>Yes, we did the upgrade from 4.5.2 to 4.9.0
>>
>>
>>
>>
>>------ Original message ------
>>From: "Simon Weller" <sweller@ena.com>
>>To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>;
>>"David Amorín" <david.amorin@adderglobal.com>
>>Sent: 05/10/2016 18:11:26
>>Subject: Re: Re[2]: Network ACL rules in VPCs are applied in an
>>inverted order (CLOUDSTACK-9404)
>>
>>>Was this an upgrade from an older release?
>>>
>>>
>>>
>>>--------------------------------------------------------------------------------
>>>From: David Amorín <david.amorin@adderglobal.com>
>>>Sent: Wednesday, October 5, 2016 10:11 AM
>>>To: users@cloudstack.apache.org
>>>Subject: Re[2]: Network ACL rules in VPCs are applied in an inverted
>>>order (CLOUDSTACK-9404)
>>>
>>>We are running 4.9.0 and we are still facing the issues of the ACL
>>>Rules (CLOUDSTACK-9404)
>>>
>>>
>>>
>>>------ Original message ------
>>>From: "Simon Weller" <sweller@ena.com>
>>>To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>;
>>>"David Amorín" <david.amorin@adderglobal.com>
>>>Sent: 04/10/2016 18:02:22
>>>Subject: Re: Network ACL rules in VPCs are applied in an inverted
>>>order (CLOUDSTACK-9404)
>>>
>>> >David,
>>> >
>>> >
>>> >What version are you currently running?
>>> >
>>> >
>>> >I believe 2 patches got into 4.9.0 related to this. #1581 and #1616.
>>> >
>>> >
>>> >At least #1581 was also merged into 4.8.x for the next point release.
>>> >
>>> >
>>> >- Si
>>> >
>>> >________________________________
>>> >From: David Amorín <david.amorin@adderglobal.com>
>>> >Sent: Tuesday, October 4, 2016 10:47 AM
>>> >To: users@cloudstack.apache.org
>>> >Subject: Network ACL rules in VPCs are applied in an inverted order
>>> >(CLOUDSTACK-9404)
>>> >
>>> >Hi all,
>>> >I see this bug is already resolved
>>> >
>>> >https://issues.apache.org/jira/browse/CLOUDSTACK-9404
>>> >
>>> >
>>> >
>>> >
>>> >Do you know if it will be available in 4.9.1?
>>> >
>>> >Thanks
>>> >
>>> >David
>>> >
>>> >
>>> >
>>> >
>>> >
>>>
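
A check for the condition reported in this thread, as an added example that is not part of the original messages or of CloudStack's code: it scans iptables-save style text (such as /etc/iptables/router_rules.v4 on the virtual router) for rules placed after an unconditional ACCEPT/DROP/REJECT in the same chain, which can therefore never match. The function names are illustrative, and the sample input is the two listings quoted above with wrapped lines rejoined.

```python
import shlex

# Listings quoted in the thread (wrapped lines rejoined), used here as sample input.
BEFORE_CLEANUP = """\
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
"""
AFTER_CLEANUP = """\
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end traversal of the chain


def parse_rules(text):
    """Yield (chain, match_tokens, target) for every '-A' line of iptables-save text."""
    for line in text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 2 or tokens[0] != "-A":
            continue  # table headers, chain policies, comments, COMMIT
        chain, rest = tokens[1], tokens[2:]
        if "-j" in rest[:-1]:
            i = rest.index("-j")
            yield chain, rest[:i], rest[i + 1]
        else:
            yield chain, rest, None  # rule without a jump target


def shadowed_rules(text):
    """Map each chain to the rules placed after an unconditional terminal rule."""
    closed, shadowed = set(), {}
    for chain, match, target in parse_rules(text):
        if chain in closed:
            shadowed.setdefault(chain, []).append((match, target))
        elif not match and target in TERMINAL:
            closed.add(chain)  # a catch-all: nothing after it in this chain is reached
    return shadowed


if __name__ == "__main__":
    for name, text in (("before cleanup", BEFORE_CLEANUP), ("after cleanup", AFTER_CLEANUP)):
        print(name, shadowed_rules(text) or "no shadowed rules")
```
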

