Posted to issues@cloudstack.apache.org by "René Moser (JIRA)" <ji...@apache.org> on 2017/12/08 10:43:00 UTC

[jira] [Closed] (CLOUDSTACK-10043) Egress Rule in VPC ACL broken

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-10043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

René Moser closed CLOUDSTACK-10043.
-----------------------------------
       Resolution: Fixed
    Fix Version/s: 4.11.0.0
                   4.10.1.0

>  Egress Rule in VPC ACL broken
> ------------------------------
>
>                 Key: CLOUDSTACK-10043
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10043
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Virtual Router, VPC, XenServer
>    Affects Versions: 4.9.2.0
>         Environment: Cloudstack 4.9.2.0
> XenServer 6.5SP1
> Zone with Advanced Network
>            Reporter: Francois Scheurer
>            Assignee: René Moser
>            Priority: Blocker
>             Fix For: 4.10.1.0, 4.11.0.0
>
>
> The Network Offering of the VPC Tier has a Default Egress Policy = Deny.
> Some Allow Rules exist in the ACL, but _ALL_ egress connections are possible.
> Creating an explicit Deny All rule at the end of the rules actually blocks ALL traffic (it should not, because of the Allow rules).
> The iptables in the VR are wrong:
> 1) the allow & deny rules are in the wrong order.
> 2) some rules are in the mangle table instead of filter.
> Do you know how to fix this?
> Thank you for your help.
> Francois Scheurer


