Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/1311#issuecomment-169303235
Ping @remibergsma @miguelaferreira @michaelandersen
* Environment
- Management Server on CentOS 7.1
- 1 KVM Host on CentOS 7.1
- Agent + Common built from 4.7 source
* Manual tests

* Network ACL JSON file
```
root@r-3-VM:~#
root@r-3-VM:~# less /etc/cloudstack/networkacl.json
{
    "eth2": {
        "device": "eth2",
        "egress_rules": [],
        "ingress_rules": [
            {
                "allowed": true,
                "cidr": "10.0.0.0/8,0.0.0.0/0",
                "first_port": 22,
                "last_port": 22,
                "type": "tcp"
            }
        ],
        "mac_address": "02:00:7e:56:00:02",
        "nic_ip": "10.0.1.1",
        "nic_netmask": "26",
        "private_gateway_acl": false,
        "type": "networkacl"
    },
    "id": "networkacl"
}
/etc/cloudstack/networkacl.json (END)
```
* SSH into VM
```
sbpltk1zffh04:sbp_dev wrodrigues$ ssh [email protected]
The authenticity of host '192.168.23.5 (192.168.23.5)' can't be established.
RSA key fingerprint is 11:d8:17:ce:62:cf:f9:23:78:fe:ec:34:c3:90:6a:fc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.5' (RSA) to the list of known hosts.
[email protected]'s password:
# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=48 time=9.879 ms
64 bytes from 8.8.8.8: seq=1 ttl=48 time=9.777 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 9.777/9.828/9.879 ms
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 02:00:76:53:00:01 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.28/26 brd 10.0.1.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::76ff:fe53:1/64 scope link
       valid_lft forever preferred_lft forever
#
```
* ACL inbound (iptables)
```
Chain ACL_INBOUND_eth2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             225.0.0.50
    0     0 ACCEPT     all  --  any    any     anywhere             vrrp.mcast.net
    2   128 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
    0     0 ACCEPT     tcp  --  any    any     10.0.0.0/8           anywhere             tcp dpt:ssh
    0     0 DROP       all  --  any    any     anywhere             anywhere
```
I will run the integration tests now.