Merge pull request #1666 from murali-reddy/egress_rules

CLOUDSTACK-9480, CLOUDSTACK-9495 fix egress rule incorrect behavior

When 'default egress policy' is set to 'allow' in the network offering, any egress 
rule that is added will 'deny' the traffic overriding the default behaviour.

Conversely, when 'default egress policy' is set to 'deny' in the network 
offering, any egress rule that is added will 'allow' the traffic overriding the 
default behaviour.

While this works for 'tcp' and 'udp' as expected, for the 'icmp' protocol it's always 
set to ALLOW. This patch keeps all protocols' behaviour consistent.

Results of running test/integration/component/test_egress_fw_rules.py. Without 
the patch, the test_02_egress_fr2 test was failing. This patch fixes the 
test_02_egress_fr2 scenario.
-----------------------------------------------------------------------------------------------------
Test By-default the communication from guest n/w to public n/w is NOT allowed. 
... === TestName: test_01_1_egress_fr1 | Status : SUCCESS ===
ok
Test By-default the communication from guest n/w to public n/w is allowed. ... 
=== TestName: test_01_egress_fr1 | Status : SUCCESS ===
ok
Test Allow Communication using Egress rule with CIDR + Port Range + Protocol. 
... === TestName: test_02_1_egress_fr2 | Status : SUCCESS ===
ok
Test Allow Communication using Egress rule with CIDR + Port Range + Protocol. 
... === TestName: test_02_egress_fr2 | Status : SUCCESS ===
ok
Test Communication blocked with network that is other than specified ... === 
TestName: test_03_1_egress_fr3 | Status : SUCCESS ===
ok
Test Communication blocked with network that is other than specified ... === 
TestName: test_03_egress_fr3 | Status : SUCCESS ===
ok
Test Create Egress rule and check the Firewall_Rules DB table ... === TestName: 
test_04_1_egress_fr4 | Status : SUCCESS ===
ok
Test Create Egress rule and check the Firewall_Rules DB table ... === TestName: 
test_04_egress_fr4 | Status : SUCCESS ===
ok
Test Create Egress rule and check the IP tables ... SKIP: Skip
Test Create Egress rule and check the IP tables ... SKIP: Skip
Test Create Egress rule without CIDR ... === TestName: test_06_1_egress_fr6 | 
Status : SUCCESS ===
ok
Test Create Egress rule without CIDR ... === TestName: test_06_egress_fr6 | 
Status : SUCCESS ===
ok
Test Create Egress rule without End Port ... === TestName: test_07_1_egress_fr7 
| Status : EXCEPTION ===
ERROR
Test Create Egress rule without End Port ... === TestName: test_07_egress_fr7 | 
Status : SUCCESS ===
ok
Test Port Forwarding and Egress Conflict ... SKIP: Skip
Test Port Forwarding and Egress Conflict ... SKIP: Skip
Test Delete Egress rule ... === TestName: test_09_1_egress_fr9 | Status : 
SUCCESS ===
ok
Test Delete Egress rule ... === TestName: test_09_egress_fr9 | Status : SUCCESS 
===
ok
Test Invalid CIDR and Invalid Port ranges ... === TestName: 
test_10_1_egress_fr10 | Status : SUCCESS ===
ok
Test Invalid CIDR and Invalid Port ranges ... === TestName: test_10_egress_fr10 
| Status : SUCCESS ===
ok
Test Regression on Firewall + PF + LB + SNAT ... === TestName: 
test_11_1_egress_fr11 | Status : SUCCESS ===
ok
Test Regression on Firewall + PF + LB + SNAT ... === TestName: 
test_11_egress_fr11 | Status : SUCCESS ===
ok
Test Reboot Router ... === TestName: test_12_1_egress_fr12 | Status : SUCCESS 
===
ok
Test Reboot Router ... === TestName: test_12_egress_fr12 | Status : EXCEPTION 
===
ERROR
Test Redundant Router : Master failover ... === TestName: test_13_1_egress_fr13 
| Status : SUCCESS ===
ok
Test Redundant Router : Master failover ... === TestName: test_13_egress_fr13 | 
Status : SUCCESS ===
ok
-----------------------------------------------------------------------------------------------------

* pr/1666:
  fix egress rule incorrect behavior

Signed-off-by: Rajani Karuturi <rajani.karut...@accelerite.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/cc043e9f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/cc043e9f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/cc043e9f

Branch: refs/heads/master
Commit: cc043e9f8f834c4bc7dcf7a3a04fce63f2a8480d
Parents: a661a11 a43abbe
Author: Rajani Karuturi <rajani.karut...@accelerite.com>
Authored: Wed Sep 21 14:54:31 2016 +0530
Committer: Rajani Karuturi <rajani.karut...@accelerite.com>
Committed: Wed Sep 21 14:54:31 2016 +0530

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/configure.py    | 69 ++++++++++----------
 .../component/test_egress_fw_rules.py           | 56 ++++++++++++++++
 2 files changed, 90 insertions(+), 35 deletions(-)
----------------------------------------------------------------------

