Github user murali-reddy commented on the issue: https://github.com/apache/cloudstack/pull/1666 @karuturi i did not change the logic of how and what iptables rules were added in the original patch. I just stream lined rule action deny/allow logic for all the protocols. I have updated the patch as there is one more egress rule bug "CLOUDSTACK-9495: Egress rules functionalty broken when protocol=all specified". Now iptable rules are only inserted in the front.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---