[ https://issues.apache.org/jira/browse/CLOUDSTACK-8650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14636422#comment-14636422 ]

ASF GitHub Bot commented on CLOUDSTACK-8650:
--------------------------------------------

Github user resmo commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/601#discussion_r35187102
  
    --- Diff: scripts/vm/network/security_group.py ---
    @@ -860,8 +860,10 @@ def add_network_rules(vm_name, vm_id, vm_ip, 
signature, seqno, vmMac, rules, vif
                     for ip in ips:
                         execute("iptables -I " + vmchain + " -p icmp 
--icmp-type " + range + " " + direction + " " + ip + " -j "+ action)
     
    -        if allow_any and protocol != 'all':
    -            if protocol != 'icmp':
    +        if allow_any
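
Review bot: The added line "if allow_any" has no trailing colon, which is a Python syntax error, so security_group.py would fail to parse as quoted; it should read "if allow_any:". The removed lines also dropped both the "protocol != 'all'" guard and the nested "protocol != 'icmp'" check, and the quoted hunk stops after the first added line, so please confirm that the new body still treats icmp separately from the other protocols, the way the "--icmp-type" rule in the context lines above does, now that protocol "all" reaches this branch.
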
    --- End diff --
    
    missing ":"


> When using security groups, adding an ingress rule for protocol "all" for 
> source cidr 0.0.0.0/0 is impossible
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8650
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8650
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Frank Louwers
>            Priority: Minor
>
> While it is possible to add ingress rules for tcp, udp and icmp for source 
> range 0.0.0.0/0, it is currently impossible to add a rule for protocol all 
> for source range 0.0.0.0/0.
> So these work (using e.g. cloudmonkey):
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/0" protocol=tcp
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/0" protocol=icmp
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/1" protocol=all
>   * authorize securitygroupingress securitygroupid=$id cidrlist="128.0.0.0/1" protocol=all
> But this doesn't work:
>   * authorize securitygroupingress securitygroupid=$id cidrlist="0.0.0.0/0" protocol=all
> Fix is in https://github.com/apache/cloudstack/pull/601


