weizhouapache commented on issue #3905: Fix network rules issue if default egress policy is Allow URL: https://github.com/apache/cloudstack/pull/3905#issuecomment-589547167 > code looks good > one question, we are now unconditionally adding a default rule for the network to the existing list (empty or not) is there any guarantee we don't add conflicting rules _in the right order_? (i.e. deny for some prot./port as well as allow.) @DaanHoogland the rule for default egress policy is always added to the end of firewall rules list (it is not saved to database). it should be good. https://github.com/apache/cloudstack/blob/18ad783f65d0c8e5a2df08c4c1e504b5963e210a/server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java#L1949-L1969
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
