Posted to dev@cloudstack.apache.org by Patrick Dube <pa...@gmail.com> on 2016/06/01 13:54:15 UTC

4.7 - VPC Network ACL rules

Hello

I have been hitting problems with Network ACL rules in VPCs with 4.7 (
looked at the code for 4.8 and it looks similar). It seems that the rule
ordering is actually inverted on the VR. So the rules with higher rule
numbers are getting checked before the lower ones. As an example, this can
be problematic if you want a DENY all and to whitelist certain traffic.
Also, changing the rule number does not apply the new order to the VR.

Anyone else having problems?

Patrick
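The ordering problem described above can be reproduced without a VR by simulating first-match chain evaluation. The script below is an added example, not code from the thread or from CloudStack: it takes a constructed ACL (two ALLOW rules with low numbers and a DENY-all with a high number), renders it once in the intended order (ascending rule number) and once inverted, evaluates sample packets against each, and reports rules that an earlier rule in the installed chain fully shadows with a different action. Rule fields, sample addresses and the `SAMPLE_ACL` contents are assumptions made for the example.

```python
"""Simulate first-match ACL evaluation (iptables-style, top to bottom) to show
how installing rules in inverted order turns a deny-all-plus-whitelist ACL into
a blanket deny.  Constructed example; not CloudStack's own code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AclRule:
    number: int                         # ACL rule number; lower is meant to match first
    action: str                         # "ALLOW" or "DENY"
    protocol: str                       # "tcp", "udp", "icmp" or "all"
    cidr: str                           # source CIDR the rule applies to
    ports: Optional[Tuple[int, int]]    # inclusive (start, end); None means any port


# Constructed ACL: whitelist HTTPS from anywhere and SSH from RFC1918 10/8,
# then deny everything else with a deliberately high rule number.
SAMPLE_ACL = [
    AclRule(1, "ALLOW", "tcp", "0.0.0.0/0", (443, 443)),
    AclRule(2, "ALLOW", "tcp", "10.0.0.0/8", (22, 22)),
    AclRule(100, "DENY", "all", "0.0.0.0/0", None),
]


def matches(rule: AclRule, proto: str, src: str, port: int) -> bool:
    """True if a packet (proto, src, port) matches this single rule."""
    if rule.protocol != "all" and rule.protocol != proto:
        return False
    if ip_address(src) not in ip_network(rule.cidr):
        return False
    if rule.ports is not None and not (rule.ports[0] <= port <= rule.ports[1]):
        return False
    return True


def evaluate(chain: List[AclRule], proto: str, src: str, port: int,
             default: str = "DENY") -> Tuple[str, Optional[int]]:
    """Walk the installed chain top to bottom; the first matching rule wins,
    exactly as an iptables chain behaves.  Returns (action, rule number)."""
    for rule in chain:
        if matches(rule, proto, src, port):
            return rule.action, rule.number
    return default, None


def intended_chain(acl: List[AclRule]) -> List[AclRule]:
    """Install order the ACL author expects: ascending rule number."""
    return sorted(acl, key=lambda r: r.number)


def inverted_chain(acl: List[AclRule]) -> List[AclRule]:
    """Install order the thread reports on the VR: descending rule number."""
    return sorted(acl, key=lambda r: r.number, reverse=True)


def covers(earlier: AclRule, later: AclRule) -> bool:
    """Conservative containment check: every packet the later rule could match
    is already matched by the earlier rule (protocol, CIDR and port range)."""
    if earlier.protocol not in ("all", later.protocol):
        return False
    if not ip_network(later.cidr).subnet_of(ip_network(earlier.cidr)):
        return False
    if earlier.ports is None:
        return True
    if later.ports is None:
        return False
    return earlier.ports[0] <= later.ports[0] and later.ports[1] <= earlier.ports[1]


def shadowed_rules(chain: List[AclRule]) -> List[Tuple[int, int]]:
    """Return (earlier number, shadowed number) pairs where an earlier rule in
    the installed chain fully covers a later one with a different action, so
    the later rule can never take effect."""
    found = []
    for i, earlier in enumerate(chain):
        for later in chain[i + 1:]:
            if earlier.action != later.action and covers(earlier, later):
                found.append((earlier.number, later.number))
    return found


if __name__ == "__main__":
    for label, chain in (("intended", intended_chain(SAMPLE_ACL)),
                         ("inverted", inverted_chain(SAMPLE_ACL))):
        print(f"{label} order: {[r.number for r in chain]}")
        print("  HTTPS from 203.0.113.5 ->", evaluate(chain, "tcp", "203.0.113.5", 443))
        print("  SSH   from 10.1.2.3    ->", evaluate(chain, "tcp", "10.1.2.3", 22))
        print("  shadowed rules:", shadowed_rules(chain))
```

Run against the inverted chain, the DENY-all (rule 100) sits first and shadows both ALLOW rules, so the HTTPS request is denied by rule 100 instead of allowed by rule 1; the same ACL in ascending order shadows nothing. Feeding `shadowed_rules` with the rule list as it is actually installed on a VR (rather than as stored in the database) is a quick way to detect this class of ordering defect before traffic is affected.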

Re: 4.7 - VPC Network ACL rules

Posted by Jayapal Uradi <ja...@accelerite.com>.
Hi Patrick,

Can you please send the DB entries of ACL rules and iptables rules output (iptables -L -nv)?
These will help to understand the issue better.

-Jayapal

> On Jun 1, 2016, at 7:24 PM, Patrick Dube <pa...@gmail.com> wrote:
> 
> Hello
> 
> I have been hitting problems with Network ACL rules in VPCs with 4.7 (
> looked at the code for 4.8 and it looks similar). It seems that the rule
> ordering is actually inverted on the VR. So the rules with higher rule
> numbers are getting checked before the lower ones. As an example, this can
> be problematic if you want a DENY all and to whitelist certain traffic.
> Also, changing the rule number does not apply the new order to the VR.
> 
> Anyone else having problems?
> 
> Patrick
