You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "DeepthiMachiraju (JIRA)" <ji...@apache.org> on 2017/01/27 10:23:24 UTC

[jira] [Created] (CLOUDSTACK-9761) Custom NW offering with Default Egress policy as " Allow" : new ICMP rule is created as "accept" instead of " DROP"

DeepthiMachiraju created CLOUDSTACK-9761:
--------------------------------------------

             Summary: Custom NW offering with Default Egress policy as " Allow" : new ICMP rule is created as "accept" instead of " DROP"
                 Key: CLOUDSTACK-9761
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9761
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Virtual Router
    Affects Versions: 4.9.0.1
            Reporter: DeepthiMachiraju
             Fix For: 4.10.0.0


- Create a new network offering say 'nw1' with Default Egress policy as " Allow".
- deploy a network with the above offering.
================================================================================================
Chain FW_EGRESS_RULES (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
================================================================================================
- on UI , select ICMP protocol and add the rule . 
================================================================================================
Chain FW_EGRESS_RULES (1 references)
target     prot opt source               destination
ACCEPT     icmp --  10.1.1.0/24          0.0.0.0/0            icmptype 255
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
================================================================================================

- tcp/udp rules are added appropriately as drop .

================================================================================================

Chain FW_EGRESS_RULES (1 references)
target     prot opt source               destination
DROP       udp  --  10.1.1.0/24          0.0.0.0/0            udp dpts:250:360
DROP       tcp  --  10.1.1.0/24          0.0.0.0/0            tcp dpts:1:1000
ACCEPT     icmp --  10.1.1.0/24          0.0.0.0/0            icmptype 255
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
================================================================================================

 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)