Github user dmabry commented on the issue:
https://github.com/apache/cloudstack/pull/1581
I tested this in our lab with advanced networking and verified the patch is
working as expected. I used the following test process.
1. Created an acl and applied it to 1 VPC Network Tier.
```
10 192.168.10.0/24 Allow ALL Ingress
20 192.168.20.0/24 Allow ALL Ingress
30 192.168.30.0/24 Allow ALL Ingress
```
2. iptables looked like the following on the VPC VR
```
Chain ACL_INBOUND_eth2 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 225.0.0.50
ACCEPT all -- 0.0.0.0/0 224.0.0.18
ACCEPT all -- 192.168.10.0/24 0.0.0.0/0
ACCEPT all -- 192.168.20.0/24 0.0.0.0/0
ACCEPT all -- 192.168.30.0/24 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
```
3. I added an additional rule of:
```
40 192.168.40.0/24 Allow TCP 80 80 Ingress
```
4. iptables looked like the following on the VPC VR
```
Chain ACL_INBOUND_eth2 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 225.0.0.50
ACCEPT all -- 0.0.0.0/0 224.0.0.18
ACCEPT all -- 192.168.10.0/24 0.0.0.0/0
ACCEPT all -- 192.168.20.0/24 0.0.0.0/0
ACCEPT all -- 192.168.30.0/24 0.0.0.0/0
ACCEPT tcp -- 192.168.40.0/24 0.0.0.0/0 tcp dpt:80
DROP all -- 0.0.0.0/0 0.0.0.0/0
```
In summary, it looks like this patch works, verified by manual testing in my
lab.
In short, LGTM based on testing.
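The comparison of ACL items against the `ACL_INBOUND_eth2` chain described in the comment above can be scripted. This is an added example, not part of the comment or of CloudStack's code. The function names are hypothetical, and it assumes the listing format shown above (as printed by `iptables -L -n`), models only Allow/Ingress items, and expects chain order to follow rule number.

```python
import re
# Constructed sample input, mirroring the ACL items and chain listing in the comment above.
ACL_ITEMS = """\
10 192.168.10.0/24 Allow ALL Ingress
20 192.168.20.0/24 Allow ALL Ingress
30 192.168.30.0/24 Allow ALL Ingress
40 192.168.40.0/24 Allow TCP 80 80 Ingress
"""
CHAIN_LISTING = """\
Chain ACL_INBOUND_eth2 (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 225.0.0.50
ACCEPT all -- 0.0.0.0/0 224.0.0.18
ACCEPT all -- 192.168.10.0/24 0.0.0.0/0
ACCEPT all -- 192.168.20.0/24 0.0.0.0/0
ACCEPT all -- 192.168.30.0/24 0.0.0.0/0
ACCEPT tcp -- 192.168.40.0/24 0.0.0.0/0 tcp dpt:80
DROP all -- 0.0.0.0/0 0.0.0.0/0
"""
ANY = "0.0.0.0/0"

def expected_rules(acl_text):
    """Map Allow/Ingress ACL items to (target, prot, source, dest, match), by rule number."""
    rules = []
    for f in (line.split() for line in acl_text.splitlines() if line.strip()):
        if f[2] != "Allow" or f[-1] != "Ingress":
            raise ValueError(f"only Allow/Ingress items are modelled: {' '.join(f)!r}")
        proto, ports = f[3].lower(), f[4:-1]
        match = ""
        if ports:  # start and end port; iptables prints dpt:N or dpts:N:M
            lo, hi = ports
            match = f"{proto} dpt:{lo}" if lo == hi else f"{proto} dpts:{lo}:{hi}"
        rules.append((int(f[0]), ("ACCEPT", proto, f[1], ANY, match)))
    return [rule for _, rule in sorted(rules)]

def chain_rules(listing):
    """Parse rule lines (after the two header lines) of a chain listing."""
    pat = re.compile(r"(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*?)\s*$")
    return [m.group(1, 2, 3, 4, 5) for m in map(pat.match, listing.splitlines()[2:]) if m]

def check_chain(acl_text, listing):
    """Return a list of problems; an empty list means the chain matches the ACL."""
    rules, problems = chain_rules(listing), []
    if not rules or rules[-1] != ("DROP", "all", ANY, ANY, ""):
        problems.append("chain does not end with a catch-all DROP")
    from_acl = [r for r in rules if r[2] != ANY]  # assumption: ACL items have a specific source
    if from_acl != expected_rules(acl_text):
        problems.append("ACL-derived rules missing, extra, or out of order")
    return problems
```

`check_chain` returns an empty list for the listing from step 4 and names the mismatch when a rule is missing, reordered, or the final DROP is absent.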