Curverneur commented on issue #9398:
URL: https://github.com/apache/cloudstack/issues/9398#issuecomment-3755008514

   Hi, we noticed this behaviour as well and did some tests.
   
   **Example:**
   <img width="1617" height="882" alt="Image" src="https://github.com/user-attachments/assets/2e339627-f997-48bb-9d13-5164599f03b8" />
   
   ```bash
   root@r-1948-VM:~# iptables -t mangle -L -n -v --line-numbers
   # [...]
   Chain ACL_OUTBOUND_eth2 (1 references)
   num   pkts bytes target     prot opt in     out     source               destination
   1        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            224.0.0.18
   2        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            10.0.0.0/8
   3        0     0 ACCEPT     6    --  *      *       0.0.0.0/0            192.168.1.0/24       tcp dpt:443
   4       11   836 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0
   5        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            225.0.0.50
   # [...]
   ```
     
     
   **How it doesn't work:**
   If I try to swap the rule `10.0.0.0/8` with `192.168.1.0/24` by using the "move" icon (drag&drop), the page refreshes asap and the UI shows changed rule numbers:
   <img width="58" height="54" alt="Image" src="https://github.com/user-attachments/assets/3dab9f34-eb26-40ca-bbdf-086c973b3eea" />
   
   <img width="1605" height="875" alt="Image" src="https://github.com/user-attachments/assets/2bc44808-7e08-455f-b250-5e7c3dbaed4a" />
   
   Checking the VirtualRouter indicates no change:
   ```bash
   root@r-1948-VM:~# iptables -t mangle -L -n -v --line-numbers
   # [...]
   Chain ACL_OUTBOUND_eth2 (1 references)
   num   pkts bytes target     prot opt in     out     source               destination
   1        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            224.0.0.18
   2        4   264 ACCEPT     0    --  *      *       0.0.0.0/0            10.0.0.0/8
   3        0     0 ACCEPT     6    --  *      *       0.0.0.0/0            192.168.1.0/24       tcp dpt:443
   4       98  7448 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0
   5        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            225.0.0.50
   # [...]
   ```
   
   Reverting the change in the UI to get back to the starting position:
   <img width="1617" height="884" alt="Image" src="https://github.com/user-attachments/assets/771d0059-6736-412f-ad95-e390817afbad" />
     
     
   **How it works:**
   Changing the rule number of `192.168.1.0/24` from 4 to 2 to move it before `10.0.0.0/8` using the edit button:
   <img width="47" height="39" alt="Image" src="https://github.com/user-attachments/assets/7a2921d1-3e94-4dfb-b3f4-16f51293f1c9" />
   
   <img width="518" height="472" alt="Image" src="https://github.com/user-attachments/assets/d7aca931-1899-41c8-b968-0ed6ae97a42c" />
   
   --> you notice that the page takes longer to save
   <img width="1604" height="869" alt="Image" src="https://github.com/user-attachments/assets/4d23dc2e-130c-4993-bda4-8cb13052ae8b" />
   --> the rule numbers changed in the VirtualRouter:
   ```bash
   root@r-1948-VM:~# iptables -t mangle -L -n -v --line-numbers
   # [...]
   Chain ACL_OUTBOUND_eth2 (1 references)
   num   pkts bytes target     prot opt in     out     source               destination
   1        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            224.0.0.18
   2        0     0 ACCEPT     6    --  *      *       0.0.0.0/0            192.168.1.0/24       tcp dpt:443
   3        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            10.0.0.0/8
   4       21  1596 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0
   5        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            225.0.0.50
   # [...]
   ```
   
   **Summary:**
   Changing the rule number of an ACL Rule (live) only works by using the edit button.
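
Added example, not part of the original comment and not CloudStack code: a way to confirm from `iptables` listings whether a reorder made in the UI actually reached the virtual router, since the first matching rule in the chain decides the packet's fate. The sample listing is the comment's output after the drag-and-drop attempt with wrapped lines rejoined; the function names are illustrative assumptions.

```python
import re

# One rule row of `iptables -L -n -v --line-numbers`:
# num pkts bytes target prot opt in out source destination [match...]
ROW = re.compile(r"^(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+\S+"
                 r"\s+(\S+)\s+(\S+)\s*(.*)$")

def chain_rules(listing, chain):
    """Rules of one chain in evaluation order, as
    (target, prot, source, destination, match); counters are ignored."""
    rules, inside = [], False
    for line in (raw.strip() for raw in listing.splitlines()):
        if line.startswith("Chain "):
            inside = line.split()[1] == chain
        elif inside and (m := ROW.match(line)):
            rules.append(m.groups()[1:])
    return rules

def order_changed(before, after, chain):
    """True if the rule sequence differs between two listings of the chain."""
    return chain_rules(before, chain) != chain_rules(after, chain)

def precedes(listing, chain, first_dst, second_dst):
    """True if the rule for first_dst is evaluated before the one for
    second_dst. Raises ValueError if either destination is not in the chain."""
    dsts = [r[3] for r in chain_rules(listing, chain)]
    return dsts.index(first_dst) < dsts.index(second_dst)

CHAIN = "ACL_OUTBOUND_eth2"
# Listing from the comment, taken after the drag-and-drop attempt.
AFTER_DRAG = """\
Chain ACL_OUTBOUND_eth2 (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            224.0.0.18
2        4   264 ACCEPT     0    --  *      *       0.0.0.0/0            10.0.0.0/8
3        0     0 ACCEPT     6    --  *      *       0.0.0.0/0            192.168.1.0/24       tcp dpt:443
4       98  7448 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0
5        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            225.0.0.50
"""

if __name__ == "__main__":
    # The drag-and-drop was meant to put 192.168.1.0/24 ahead of 10.0.0.0/8.
    applied = precedes(AFTER_DRAG, CHAIN, "192.168.1.0/24", "10.0.0.0/8")
    print("reorder applied on router:", applied)
```

Comparing a listing saved before the change with one taken after it via `order_changed` ignores the packet and byte counters, so traffic alone never registers as a reorder.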

