cloudstack-users mailing list archives

From "David Amorín" <david.amo...@adderglobal.com>
Subject Re[9]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
Date Wed, 26 Oct 2016 08:33:39 GMT
I have tested with CS 4.9.0 and it is not applied. Let's see if it will be available in 4.9.1.

Thanks for your help

-- 
David Amorín
Director


david.amorin@adderglobal.com
T. 91 133 18 99 Ext. 151
M. 626 94 95 88

-----Original message-----
> From: "Pierre-Luc Dion" <pdion891@apache.org>
> To: users@cloudstack.apache.org
> Cc: "David Amorín" <david.amorin@adderglobal.com>, "Patrick Dube 2" <pdube@cloudops.com>
> Date: 26/10/2016 00:22
> Subject: Re: Re[7]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)

> 
> Hi David,
> 
> Yes, it's a known issue. It has been fixed, I thought in 4.9; maybe the PR
> has not been processed yet?
> 
> On Oct 25, 2016 10:46, "Simon Weller" <sweller@ena.com> wrote:
> 
> David,
> 
> 
> Can you post your question to the dev list?
> 
> You're more likely to get a response there.
> 
> 
> - Si
> 
> 
> ________________________________
> From: David Amorín <david.amorin@adderglobal.com>
> Sent: Tuesday, October 25, 2016 9:23 AM
> To: users@cloudstack.apache.org; users@cloudstack.apache.org
> Subject: Re[7]: Network ACL rules in VPCs are applied in an inverted order
> (CLOUDSTACK-9404)
> 
> Sorry to bring up an old question, just want to ask again if somebody
> can confirm this issue (inverted order of the ACL rules) with CS 4.9 and
> VPC router version 4.6
> 
> Thanks,
> 
> David
> 
> ------ Original message ------
> From: "David Amorín" <david.amorin@adderglobal.com>
> To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>
> Sent: 17/10/2016 11:16:03
> Subject: Re[6]: Network ACL rules in VPCs are applied in an inverted
> order (CLOUDSTACK-9404)
> 
> >Hi,
> >I did a couple more tests and I can confirm the issue
> >(CLOUDSTACK-9404) still happens with version CS 4.9 using the VPC
> >router version 4.6
> >
> >See an example:
> >
> >I have an egress rule like the following:
> >Rule number: 101, CIDR: 8.8.8.8/32, Action: Allow, Traffic Type:
> >Egress, Protocol: ICMP, ICMPtype: -1, ICMPCode: -1
> >
> >Then I add this rule:
> >Rule number: 1002, CIDR: 0.0.0.0/0, Action: Deny, Traffic Type:
> >Egress, Protocol: ALL
> >
> >Checking the VR, in file /etc/iptables/router_rules.v4, the rules are
> >applied in the wrong order:
> >-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -j DROP
> >-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
> >
> >
> >But then if I restart the VPC and clean up, I check iptables again and
> >now the order is correct:
> >-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -j DROP
> >
> >Is the VPC router version 4.6 the latest one?
> >
> >I would really appreciate it if somebody else can confirm this issue
> >
> >Best,
> >
> >David
> >
> >------ Original message ------
> >From: "Simon Weller" <sweller@ena.com>
> >To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>;
> >"David Amorín" <david.amorin@adderglobal.com>
> >Sent: 05/10/2016 18:35:48
> >Subject: Re: Re[4]: Network ACL rules in VPCs are applied in an inverted
> >order (CLOUDSTACK-9404)
> >
> >>Try doing a restart with network cleanup and see if that fixes your
> >>problem. The fixes are in the system iso and that will require a
> >>redeploy.
> >>
> >>
> >>
> >>- Si
> >>
> >>
> >>--------------------------------------------------------------------------------
> >>From: David Amorín <david.amorin@adderglobal.com>
> >>Sent: Wednesday, October 5, 2016 11:18 AM
> >>To: Simon Weller; users@cloudstack.apache.org
> >>Subject: Re[4]: Network ACL rules in VPCs are applied in an inverted
> >>order (CLOUDSTACK-9404)
> >>
> >>Yes, we did the upgrade from 4.5.2 to 4.9.0
> >>
> >>
> >>
> >>
> >>------ Original message ------
> >>From: "Simon Weller" <sweller@ena.com>
> >>To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>;
> >>"David Amorín" <david.amorin@adderglobal.com>
> >>Sent: 05/10/2016 18:11:26
> >>Subject: Re: Re[2]: Network ACL rules in VPCs are applied in an
> >>inverted order (CLOUDSTACK-9404)
> >>
> >>>Was this an upgrade from an older release?
> >>>
> >>>
> >>>
> >>>--------------------------------------------------------------------------------
> >>>From: David Amorín <david.amorin@adderglobal.com>
> >>>Sent: Wednesday, October 5, 2016 10:11 AM
> >>>To: users@cloudstack.apache.org
> >>>Subject: Re[2]: Network ACL rules in VPCs are applied in an inverted
> >>>order (CLOUDSTACK-9404)
> >>>
> >>>We are running 4.9.0 and we are still facing the issues of the ACL
> >>>Rules
> >>>(CLOUDSTACK-9404)
> >>>
> >>>
> >>>
> >>>------ Original message ------
> >>>From: "Simon Weller" <sweller@ena.com>
> >>>To: "users@cloudstack.apache.org" <users@cloudstack.apache.org>;
> >>>"David Amorín" <david.amorin@adderglobal.com>
> >>>Sent: 04/10/2016 18:02:22
> >>>Subject: Re: Network ACL rules in VPCs are applied in an inverted
> >>>order
> >>>(CLOUDSTACK-9404)
> >>>
> >>> >David,
> >>> >
> >>> >
> >>> >What version are you currently running?
> >>> >
> >>> >
> >>> >I believe 2 patches got into 4.9.0 related to this. #1581 and #1616.
> >>> >
> >>> >
> >>> >At least #1581 was also merged into 4.8.x for the next point
> >>> >release.
> >>> >
> >>> >
> >>> >- Si
> >>> >
> >>> >________________________________
> >>> >From: David Amorín <david.amorin@adderglobal.com>
> >>> >Sent: Tuesday, October 4, 2016 10:47 AM
> >>> >To: users@cloudstack.apache.org
> >>> >Subject: Network ACL rules in VPCs are applied in an inverted order
> >>> >(CLOUDSTACK-9404)
> >>> >
> >>> >Hi all,
> >>> >I see this bug is already resolved
> >>> >
> >>> >https://issues.apache.org/jira/browse/CLOUDSTACK-9404
> >>> >
> >>> >
> >>> >
> >>> >
> >>> >Do you know if it will be available in 4.9.1?
> >>> >
> >>> >Thanks
> >>> >
> >>> >David
> >>> >
> >>> >
> >>> >
> >>> >
> >>> >
> >>>
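
Added example, not part of the original thread and not CloudStack code: a check for the symptom quoted above, where a catch-all `-j DROP` ends up ahead of a more specific rule in the same chain of an iptables-save style file such as /etc/iptables/router_rules.v4. The names `find_shadowed_rules` and `sample_inverted` are hypothetical, and the sample input is constructed from the rules quoted in the message.

```shell
#!/bin/sh
# Flag rules that can never match because an earlier rule in the same
# chain is an unconditional terminal verdict (no match criteria at all).
# Reads iptables-save format from the file in $1, or stdin if omitted.
# Exit status: 0 = no shadowed rules, 1 = at least one shadowed rule.

find_shadowed_rules() {
    awk '
        /^\*/ { table = $1 }        # "*filter", "*mangle": chains are per table
        $1 == "-A" {
            key = table SUBSEP $2
            if (key in verdict) {
                # An earlier catch-all already decided every packet.
                printf "%s: unreachable after \"%s\": %s\n", $2, verdict[key], $0
                found = 1
                next
            }
            # Exactly "-A <chain> -j <target>" means the rule matches everything.
            if (NF == 4 && $3 == "-j" && $4 ~ /^(DROP|REJECT|ACCEPT|RETURN)$/)
                verdict[key] = $0
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: the inverted ordering reported in the thread.
sample_inverted() {
    cat <<'EOF'
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
EOF
}

sample_inverted | find_shadowed_rules || echo "ACL ordering problem detected"
```

Run against the rule file after each ACL change, a non-zero exit status shows that the rules on the router no longer follow the order configured in the ACL list.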

