You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Rohit Yadav (JIRA)" <ji...@apache.org> on 2015/03/09 10:14:39 UTC
[jira] [Closed] (CLOUDSTACK-8305) VPC ACL Rules are not applied to
Virtual Router
[ https://issues.apache.org/jira/browse/CLOUDSTACK-8305?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rohit Yadav closed CLOUDSTACK-8305.
-----------------------------------
Resolution: Fixed
After the fix from https://issues.apache.org/jira/browse/CLOUDSTACK-8248 Paul suggests it does not occur now. Closing on that remark.
> VPC ACL Rules are not applied to Virtual Router
> -----------------------------------------------
>
> Key: CLOUDSTACK-8305
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8305
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Virtual Router
> Affects Versions: 4.5.0
> Reporter: Paul Angus
> Assignee: Rohit Yadav
> Priority: Blocker
>
> When creating an ACL rule;
> Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network 205
> is seen in the cloudstack log
> and iptables -L does not show any new rules having been applied.
> root@r-7-VM:/var/log# iptables -L
> Chain INPUT (policy DROP)
> target prot opt source destination
> NETWORK_STATS all -- anywhere anywhere
> ACCEPT all -- anywhere vrrp.mcast.net
> ACCEPT all -- anywhere 225.0.0.50
> ACCEPT icmp -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> Chain FORWARD (policy DROP)
> target prot opt source destination
> NETWORK_STATS_eth1 all -- anywhere anywhere
> NETWORK_STATS all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT all -- 192.168.0.0/16 !192.168.0.0/16
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> NETWORK_STATS all -- anywhere anywhere
> Chain NETWORK_STATS (3 references)
> target prot opt source destination
> all -- anywhere anywhere
> all -- anywhere anywhere
> tcp -- anywhere anywhere
> tcp -- anywhere anywhere
> Chain NETWORK_STATS_eth1 (1 references)
> target prot opt source destination
> all -- 192.168.0.0/16 anywhere
> all -- anywhere 192.168.0.0/16
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)