incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Max Clark (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-324) Cannot edit default security group rules, default security group blocks all inbound traffic.
Date Fri, 12 Oct 2012 18:39:02 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13475227#comment-13475227
] 

Max Clark commented on CLOUDSTACK-324:
--------------------------------------

I'm aware that I can delete the network, create a new network with SGService and then edit
the security group. The idea here is that the _default_ is to create WithoutSGService, and
when this happens the _default_ security group applied to the VMs blocks all inbound traffic.
This default security group should either be 1) permissive, or 2) editable when configured
in this manner.
                
> Cannot edit default security group rules, default security group blocks all inbound traffic.
> --------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-324
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-324
>             Project: CloudStack
>          Issue Type: Bug
>    Affects Versions: pre-4.0.0
>            Reporter: Max Clark
>            Assignee: Wido den Hollander
>              Labels: iptables, network, security
>             Fix For: 4.1.0
>
>
> When configuring basic networking, by default the network is created with the "DefaultSharedNetworkOffering".
This offering does not have a security group. No inbound traffic is allowed to the created
VMs. Reading the AdminGuide documentation:
> "Each CloudStack account comes with a default security group that denies all inbound
traffic and allows all outbound traffic. The default security group can be modified so that
all new VMs inherit some other desired set of rules."
> If a network is created without a security group, it shouldn't have a security group
and all inbound/outbound traffic should be allowed - or at the very least the default security
group should be able to be configured.
> http://www.cloudstack.com/forum/8-storage-and-networking/7054-vm-instance-cant-be-accessd-using-basic-networking.html?limit=6&start=6#7084

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message