Egress rules with default=allow

[Marty Godsey <ma...@gonsource.com>]

so I have a new compute offering and i have the default egress as allow.. so, it works "fine" allowing traffic.

when I go to the egress I see a popup that says "add rules to BLOCK traffic"

so as a test i add ping to block pings leaving.

I have an instance running a ping and it works.. i then add the egress rule a i still can ping..

this is 4.9

anyone seen this?

Regards,
Marty Godsey

Re: Egress rules with default=allow

[Rohit Yadav <ro...@shapeblue.com>]

Marty -- for established connection, the firewall rules won't kill such connection. Once a egress block rule is set, it won't block established connections, but if you break pings from the VM and try again it should not allow egress traffic/pings.


Regards.

________________________________
From: Marty Godsey <ma...@gonsource.com>
Sent: 17 August 2016 23:49:47
To: users@cloudstack.apache.org
Subject: Egress rules with default=allow

so I have a new compute offering and i have the default egress as allow.. so, it works "fine" allowing traffic.

when I go to the egress I see a popup that says "add rules to BLOCK traffic"

so as a test i add ping to block pings leaving.

I have an instance running a ping and it works.. i then add the egress rule a i still can ping..

this is 4.9

anyone seen this?

Regards,
Marty Godsey


rohit.yadav@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue