[GitHub] cloudstack pull request #1581: CLOUDSTACK-9404 Fixed ordering of network ACL...

Mon, 06 Jun 2016 14:17:35 -0700 

GitHub user pdube reopened a pull request:

    https://github.com/apache/cloudstack/pull/1581

    CLOUDSTACK-9404 Fixed ordering of network ACL rules being sent to the VR.

     The comparator was inverted.
    
    Issue: https://issues.apache.org/jira/browse/CLOUDSTACK-9404
    
    In this example, I created rules with the port numbers the same as the rule 
numbers.
    
    Chain ACL_INBOUND_eth2 (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             225.0.0.50
    ACCEPT     all  --  anywhere             vrrp.mcast.net
    DROP       tcp  --  anywhere             anywhere             tcp 
dpt:netstat
    DROP       tcp  --  anywhere             anywhere             tcp dpt:10
    DROP       tcp  --  anywhere             anywhere             tcp dpt:5
    DROP       tcp  --  anywhere             anywhere             tcp dpt:3
    DROP       tcp  --  anywhere             anywhere             tcp dpt:2
    DROP       all  --  anywhere             anywhere
    
    We can see above that the rules are inverted.
    
    After the fix:
    
    Chain ACL_INBOUND_eth2 (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             225.0.0.50
    ACCEPT     all  --  anywhere             vrrp.mcast.net
    DROP       tcp  --  anywhere             anywhere             tcp dpt:2
    DROP       tcp  --  anywhere             anywhere             tcp dpt:3
    DROP       tcp  --  anywhere             anywhere             tcp dpt:5
    DROP       tcp  --  anywhere             anywhere             tcp dpt:10
    DROP       tcp  --  anywhere             anywhere             tcp 
dpt:netstat
    DROP       all  --  anywhere             anywhere


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/pdube/cloudstack network-acl-rules-order

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1581.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1581
    
----
commit caf4a48075e0f59b5d101efdd3ac6b1bee8f4f39
Author: Patrick Dube <[email protected]>
Date:   2016-06-02T17:15:38Z

    Fixed ordering of network ACL rules being sent to the VR. The comparator 
was inverted

commit 4c97a3981dc0d543e02f62f2bb4fc2eb805545c6
Author: Patrick Dube <[email protected]>
Date:   2016-06-02T17:44:39Z

    Added unit test to verify ordering

commit 9cdd23fdc77e643d886c3af8cb0a60f9c4ddf84f
Author: Patrick Dube <[email protected]>
Date:   2016-06-03T12:48:47Z

    Added ASF license to unit test file

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

Reply via email to