Posted to issues@cloudstack.apache.org by "Paul Angus (JIRA)" <ji...@apache.org> on 2015/03/06 18:17:39 UTC

[jira] [Created] (CLOUDSTACK-8305) VPC ACL Rules are not applied to Virtual Router

Paul Angus created CLOUDSTACK-8305:
--------------------------------------

             Summary: VPC ACL Rules are not applied to Virtual Router
                 Key: CLOUDSTACK-8305
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8305
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Virtual Router
    Affects Versions: 4.5.0
            Reporter: Paul Angus
            Assignee: Rohit Yadav
            Priority: Blocker


When creating an ACL rule:

Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network 205

is seen in the CloudStack log

and iptables -L does not show any new rules having been applied.

root@r-7-VM:/var/log# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
NETWORK_STATS  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             vrrp.mcast.net
ACCEPT     all  --  anywhere             225.0.0.50
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:3922
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
NETWORK_STATS_eth1  all  --  anywhere             anywhere
NETWORK_STATS  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.0.0/16      !192.168.0.0/16

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
NETWORK_STATS  all  --  anywhere             anywhere

Chain NETWORK_STATS (3 references)
target     prot opt source               destination
           all  --  anywhere             anywhere
           all  --  anywhere             anywhere
           tcp  --  anywhere             anywhere
           tcp  --  anywhere             anywhere

Chain NETWORK_STATS_eth1 (1 references)
target     prot opt source               destination
           all  --  192.168.0.0/16       anywhere
           all  --  anywhere             192.168.0.0/16




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)