You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Paul Angus (JIRA)" <ji...@apache.org> on 2015/03/09 10:14:38 UTC

[jira] [Comment Edited] (CLOUDSTACK-8305) VPC ACL Rules are not applied to Virtual Router

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14352706#comment-14352706 ] 

Paul Angus edited comment on CLOUDSTACK-8305 at 3/9/15 9:14 AM:
----------------------------------------------------------------

This was related to https://issues.apache.org/jira/browse/CLOUDSTACK-8248 as API issue stopped rules being applied.
tested by two people in separate environments - now working.


was (Author: paulangus):
This was related to https://issues.apache.org/jira/browse/CLOUDSTACK-8248 as API stopped rules being applied.
tested by two people in separate environments - now working.

> VPC ACL Rules are not applied to Virtual Router
> -----------------------------------------------
>
>                 Key: CLOUDSTACK-8305
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8305
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router
>    Affects Versions: 4.5.0
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>            Priority: Blocker
>
> When creating an ACL rule;
> Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network 205
> is seen in the cloudstack log
> and iptables -L does not show any new rules having been applied.
> root@r-7-VM:/var/log# iptables -L
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> NETWORK_STATS  all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             vrrp.mcast.net
> ACCEPT     all  --  anywhere             225.0.0.50
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:3922
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> NETWORK_STATS_eth1  all  --  anywhere             anywhere
> NETWORK_STATS  all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
> ACCEPT     all  --  192.168.0.0/16      !192.168.0.0/16
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> NETWORK_STATS  all  --  anywhere             anywhere
> Chain NETWORK_STATS (3 references)
> target     prot opt source               destination
>            all  --  anywhere             anywhere
>            all  --  anywhere             anywhere
>            tcp  --  anywhere             anywhere
>            tcp  --  anywhere             anywhere
> Chain NETWORK_STATS_eth1 (1 references)
> target     prot opt source               destination
>            all  --  192.168.0.0/16       anywhere
>            all  --  anywhere             192.168.0.0/16



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)