[
https://issues.apache.org/jira/browse/CLOUDSTACK-9437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15392634#comment-15392634
]
ASF subversion and git services commented on CLOUDSTACK-9437:
-------------------------------------------------------------
Commit d302269fe53ca0d3ef4c7d4c51b28ce94d8a4847 in cloudstack's branch
refs/heads/master from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=d302269 ]
CLOUDSTACK-9437: Create egress chain on upgrade and cleanup for allow all
traffic
- Ensure that FW_EGRESS_RULE chain exists after upgrading the router
- Flush allow all egress rule on 0.0.0.0/0, if such a rule exists in the config
it will be added later (CLOUDSTACK-9437)
> Outbound traffic fails to work after VR is upgraded to post 4.6+ release
> ------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9437
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9437
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Affects Versions: 4.6.2, 4.7.1, 4.8.0, 4.8.1
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Priority: Blocker
>
> When CloudStack is upgraded to 4.6+ version, due to changes in script. The
> default iptables rules are saved at /etc/iptables/router_rules.{v4,v6}
> instead of the rules.{v4,v6} files. The cloud-early-config file uses the
> rules.v4 and rules file, which are copied from iptables-{router, etc.}
> templates.
> When CloudStack was upgrade from 4.3 to 4.6+ version, and VR template
> upgraded to a 4.6 template -- the rules.v4 file was copied from
> iptables-router template though the configure.py uses router_rules.v4 file
> which does not have the FW_EGRESS_RULES chain declared. Because of this the
> CsNetFilters fails to add the chain.
> Workaround that works -- after upgrading the router, restarting the network
> (without cleanup selected) fixes the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
