[
https://issues.apache.org/jira/browse/CLOUDSTACK-4913?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13804495#comment-13804495
]
Sheng Yang commented on CLOUDSTACK-4913:
----------------------------------------
Patch ready. In testing.
> Disable security group for bridge mode non-security group zone
> --------------------------------------------------------------
>
> Key: CLOUDSTACK-4913
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4913
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Network Controller
> Affects Versions: 4.2.0
> Reporter: Sheng Yang
> Assignee: Sheng Yang
> Priority: Critical
> Fix For: 4.2.1
>
>
> Currently, if XenServer is switching to bridge mode, CloudStack would
> automatically enable security group(apply all kinds of security group rules
> e.g. iptables and ebtables on it). But at the time, it wouldn't check if the
> zone is security group enabled or not.
> If user want to use bridge mode with isolated network(RvR especially), it
> would have trouble because security group rules would prevent broadcast from
> working.
> We need to stop applying security group rules if it's not security group
> enabled zone.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
