[ https://issues.apache.org/jira/browse/CLOUDSTACK-2487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13658139#comment-13658139 ]
Kishan Kavala commented on CLOUDSTACK-2487:
-------------------------------------------
Default ACL cannot be modified. I updated the error message to clearly say
"Default ACL cannot be modified".
To create an ACL rule, an ACL list has to be created first. An ACL rule can be
added to the user-created ACL list.
> NTier: Unable to create an ACL rule on a Network Tier
> -----------------------------------------------------
>
> Key: CLOUDSTACK-2487
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2487
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public (Anyone can view this level - this is the default.)
> Components: Management Server
> Affects Versions: 4.2.0
> Reporter: Chandan Purushothama
> Assignee: Kishan Kavala
> Priority: Blocker
> Fix For: 4.2.0
>
>
> ================
> Steps to Reproduce:
> ================
> 1. Create a VPC.
> 2. Create a Network Tier
> 3. Create an ACL rule on the Network Tier
> ==========
> Observations:
> ==========
> 2013-05-14 14:03:18,638 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===START=== 10.216.133.86 -- GET command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> 2013-05-14 14:03:18,667 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-17:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
> 2013-05-14 14:03:18,673 INFO [cloud.api.ApiServer] (catalina-exec-17:null) Unable to find Vpc associated with the NetworkACL
> 2013-05-14 14:03:18,678 DEBUG [cloud.api.ApiServlet] (catalina-exec-17:null) ===END=== 10.216.133.86 -- GET command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=tcp&startport=22&endport=23&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368565441624
> mysql> select * from network_acl_item;
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> | id | uuid                                 | acl_id | start_port | end_port | state  | protocol | created             | icmp_code | icmp_type | traffic_type | cidr      | number | action |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> |  1 | 28bf54e2-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Deny   |
> |  2 | 28bf61e4-bbfa-11e2-98e5-06d4460004b1 |      1 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Deny   |
> |  3 | 28bf78fa-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Ingress      | 0.0.0.0/0 |      1 | Allow  |
> |  4 | 28bf8516-bbfa-11e2-98e5-06d4460004b1 |      2 |       NULL |     NULL | Active | all      | 2013-05-13 11:23:07 |      NULL |      NULL | Egress       | 0.0.0.0/0 |      2 | Allow  |
> +----+--------------------------------------+--------+------------+----------+--------+----------+---------------------+-----------+-----------+--------------+-----------+--------+--------+
> 4 rows in set (0.00 sec)
> mysql> select * from network_acl;
> +----+---------------+--------------------------------------+--------+-------------------------------+
> | id | name          | uuid                                 | vpc_id | description                   |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> |  1 | default_deny  | 28bf460a-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Deny All  |
> |  2 | default_allow | 28bf6e50-bbfa-11e2-98e5-06d4460004b1 |      0 | Default Network ACL Allow All |
> +----+---------------+--------------------------------------+--------+-------------------------------+
> 2 rows in set (0.00 sec)
> mysql> select * from vpc \G
> *************************** 1. row ***************************
> id: 1
> uuid: 50b453d4-4d7f-4538-9466-922627ccab80
> name: Atoms-VPC-1
> display_text: Atoms-VPC-1
> cidr: 192.168.0.0/16
> vpc_offering_id: 1
> zone_id: 1
> state: Enabled
> domain_id: 1
> account_id: 3
> network_domain: atomsvpc1.lab.vmops.com
> removed: NULL
> created: 2013-05-13 21:44:15
> restart_required: 0
> 1 row in set (0.00 sec)
> mysql> select * from networks where id=206 \G
> *************************** 1. row ***************************
> id: 206
> name: Atoms-VPC-Net-1
> uuid: bcc163c5-c23f-4b47-a0c8-562b8460b3fe
> display_text: Atoms-VPC-Net-1
> traffic_type: Guest
> broadcast_domain_type: Vlan
> broadcast_uri: NULL
> gateway: 192.168.10.1
> cidr: 192.168.10.0/24
> mode: Dhcp
> network_offering_id: 11
> physical_network_id: 200
> data_center_id: 1
> guru_name: ExternalGuestNetworkGuru
> state: Allocated
> related: 206
> domain_id: 1
> account_id: 3
> dns1: NULL
> dns2: NULL
> guru_data: NULL
> set_fields: 0
> acl_type: Account
> network_domain: atomsvpc1.lab.vmops.com
> reservation_id: NULL
> guest_type: Isolated
> restart_required: 0
> created: 2013-05-14 20:25:44
> removed: NULL
> specify_ip_ranges: 0
> vpc_id: 1
> ip6_gateway: NULL
> ip6_cidr: NULL
> network_cidr: NULL
> display_network: 1
> network_acl_id: 1
> 1 row in set (0.00 sec)
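The workflow described in the comment above (create an ACL list first, then add the rule to it), as an added example that is not code from CloudStack or from the commenter. It builds signed requests offline for `createNetworkACLList`, `createNetworkACL` and `replaceNetworkACLList`; the endpoint, API keys, list name and ACL list UUID are constructed placeholders, and the third call (attaching the list to the tier) is an assumed extra step the comment does not mention.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

ENDPOINT = "https://cloudstack.example/client/api"  # hypothetical management server
DEFAULT_ACLS = {"default_deny", "default_allow"}     # built-in lists from network_acl (vpc_id = 0)


def sign(params, api_key, secret_key):
    """Build a signed API URL: HMAC-SHA1 over the sorted, lowercased query string."""
    full = dict(params, apikey=api_key, response="json")
    query = "&".join(
        f"{k}={quote(str(v), safe='')}"
        for k, v in sorted(full.items(), key=lambda kv: kv[0].lower())
    )
    digest = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1).digest()
    signature = quote(base64.b64encode(digest).decode(), safe="")
    return f"{ENDPOINT}?{query}&signature={signature}"


def acl_rule_requests(vpc_id, tier_id, acl_name, acl_id):
    """Return the API calls, in order, that put the ticket's rule on a user-created list."""
    if acl_name in DEFAULT_ACLS:
        raise ValueError("Default ACL cannot be modified")
    return [
        # 1. Create an ACL list owned by the VPC (the default lists have vpc_id 0).
        {"command": "createNetworkACLList", "name": acl_name,
         "description": "Rules for " + acl_name, "vpcid": vpc_id},
        # 2. Add the rule to that list: aclid replaces the networkid used in the ticket.
        {"command": "createNetworkACL", "aclid": acl_id, "protocol": "tcp",
         "startport": 22, "endport": 23, "cidrlist": "10.223.195.44/32",
         "traffictype": "Ingress"},
        # 3. Assumed extra step: attach the list to the tier in place of default_deny.
        {"command": "replaceNetworkACLList", "aclid": acl_id, "networkid": tier_id},
    ]


if __name__ == "__main__":
    calls = acl_rule_requests(
        vpc_id="50b453d4-4d7f-4538-9466-922627ccab80",    # VPC uuid from the ticket
        tier_id="bcc163c5-c23f-4b47-a0c8-562b8460b3fe",   # tier uuid from the ticket
        acl_name="atoms-tier1-acl",                        # constructed name
        acl_id="00000000-0000-0000-0000-000000000001",    # placeholder for the id step 1 returns
    )
    for call in calls:
        print(sign(call, api_key="EXAMPLE-API-KEY", secret_key="EXAMPLE-SECRET"))
```
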