Github user murali-reddy commented on the issue:
@karuturi i did not change the logic of how and what iptables rules were
added in the original patch. I just stream lined rule action deny/allow logic
for all the protocols.
I have updated the patch as there is one more egress rule bug
"CLOUDSTACK-9495: Egress rules functionalty broken when protocol=all
specified". Now iptable rules are only inserted in the front.
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket