You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Matthew Smart <ms...@smartsoftwareinc.com> on 2017/02/13 02:05:35 UTC

Sanity Check: Router order of operations

Hey guys,
Can I get a confirmation that the following statements are true for
routing in ACS?

1. When processing incoming packets the ingress firewall rules are applied
before the port forwarding rules.


2. Adding a port forwarding rule that does not have a corresponding
ingress firewall rule will result in the packets matching the PF rule
being dropped.

3. Adding an ingress firewall rule without a corresponding port forwarding
rule will result in the packets matching the FW rule being dropped.

If any of these statements are incorrect can you please explain how the
router will actually behave in those circumstances?

Thanks!

-- 
Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501

Phone: (605) 280-0383
Skype: msmart13
Email: msmart@smartsoftwareinc.com