[
https://issues.apache.org/jira/browse/CLOUDSTACK-8925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987036#comment-14987036
]
ASF GitHub Bot commented on CLOUDSTACK-8925:
--------------------------------------------
Github user wilderrodrigues commented on the pull request:
https://github.com/apache/cloudstack/pull/1023#issuecomment-153309653
More test results. It did not break existing functionality, but still I
will fix the one @karuturi found.
Cheers,
Wilder
```
test_privategw_acl (integration.smoke.test_privategw_acl.TestPrivateGwACL)
... === TestName: test_privategw_acl | Status : SUCCESS ===
ok
Test reset virtual machine on reboot ... === TestName:
test_01_reset_vm_on_reboot | Status : SUCCESS ===
ok
Test to create service offering ... === TestName:
test_01_create_service_offering | Status : SUCCESS ===
ok
Test to update existing service offering ... === TestName:
test_02_edit_service_offering | Status : SUCCESS ===
ok
Test to delete service offering ... === TestName:
test_03_delete_service_offering | Status : SUCCESS ===
ok
Test create VPC offering ... === TestName: test_01_create_vpc_offering |
Status : SUCCESS ===
ok
Test VPC offering without load balancing service ... === TestName:
test_03_vpc_off_without_lb | Status : SUCCESS ===
ok
Test VPC offering without static NAT service ... === TestName:
test_04_vpc_off_without_static_nat | Status : SUCCESS ===
ok
Test VPC offering without port forwarding service ... === TestName:
test_05_vpc_off_without_pf | Status : SUCCESS ===
ok
Test VPC offering with invalid services ... === TestName:
test_06_vpc_off_invalid_services | Status : SUCCESS ===
ok
Test update VPC offering ... === TestName: test_07_update_vpc_off | Status
: SUCCESS ===
ok
Test list VPC offering ... === TestName: test_08_list_vpc_off | Status :
SUCCESS ===
ok
test_09_create_redundant_vpc_offering
(integration.component.test_vpc_offerings.TestVPCOffering) ... === TestName:
test_09_create_redundant_vpc_offering | Status : SUCCESS ===
ok
----------------------------------------------------------------------
Ran 13 tests in 3403.790s
OK
/tmp//MarvinLogs/test_vpc_offerings_6W7KGH/results.txt (END)
```
> Default allow for Egress rules is not being configured properly in VR
> iptables rules
> ------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-8925
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8925
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Virtual Router
> Affects Versions: 4.6.0
> Reporter: Pavan Kumar Bandarupally
> Assignee: Wilder Rodrigues
> Priority: Blocker
> Fix For: 4.6.0
>
>
> When we create a network with Egress rules set to default allow, the rules
> created in FW_OUTBOUND table should have a reference to FW_EGRESS_RULES chain
> which has a rule to accept NEW packets from the guest instances. Without that
> rule only RELATED , ESTABLISHED rule in FW_OUTBOUND chain will result in Drop
> of packets.
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 44 2832 NETWORK_STATS all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
> 0 0 ACCEPT all -- eth0 eth0 0.0.0.0/0 0.0.0.0/0
> state NEW
> 4 336 ACCEPT all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
> 0 0 ACCEPT all -- eth0 eth0 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
> 40 2496 FW_OUTBOUND all -- eth0 eth2 0.0.0.0/0
> 0.0.0.0/0
> Chain OUTPUT (policy ACCEPT 20 packets, 1888 bytes)
> pkts bytes target prot opt in out source
> destination
> 2498 369K NETWORK_STATS all -- * * 0.0.0.0/0
> 0.0.0.0/0
> Chain FIREWALL_EGRESS_RULES (0 references)
> pkts bytes target prot opt in out source
> destination
> Chain FW_OUTBOUND (1 references)
> pkts bytes target prot opt in out source
> destination
> 3 252 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
> state RELATED,ESTABLISHED
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
