You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Rohit Yadav (JIRA)" <ji...@apache.org> on 2015/03/09 10:14:39 UTC

[jira] [Closed] (CLOUDSTACK-8305) VPC ACL Rules are not applied to Virtual Router

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-8305?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rohit Yadav closed CLOUDSTACK-8305.
-----------------------------------
    Resolution: Fixed

After the fix from https://issues.apache.org/jira/browse/CLOUDSTACK-8248 Paul suggests it does not occur now. Closing on that remark.

> VPC ACL Rules are not applied to Virtual Router
> -----------------------------------------------
>
>                 Key: CLOUDSTACK-8305
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8305
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router
>    Affects Versions: 4.5.0
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>            Priority: Blocker
>
> When creating an ACL rule;
> Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network 205
> is seen in the cloudstack log
> and iptables -L does not show any new rules having been applied.
> root@r-7-VM:/var/log# iptables -L
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> NETWORK_STATS  all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             vrrp.mcast.net
> ACCEPT     all  --  anywhere             225.0.0.50
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:3922
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> NETWORK_STATS_eth1  all  --  anywhere             anywhere
> NETWORK_STATS  all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
> ACCEPT     all  --  192.168.0.0/16      !192.168.0.0/16
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> NETWORK_STATS  all  --  anywhere             anywhere
> Chain NETWORK_STATS (3 references)
> target     prot opt source               destination
>            all  --  anywhere             anywhere
>            all  --  anywhere             anywhere
>            tcp  --  anywhere             anywhere
>            tcp  --  anywhere             anywhere
> Chain NETWORK_STATS_eth1 (1 references)
> target     prot opt source               destination
>            all  --  192.168.0.0/16       anywhere
>            all  --  anywhere             192.168.0.0/16



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)