Murali Reddy created CLOUDSTACK-9480: ----------------------------------------
Summary: Egress Firewall: Incorrect use of Allow/Deny for ICMP Key: CLOUDSTACK-9480 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9480 Project: CloudStack Issue Type: Bug Security Level: Public (Anyone can view this level - this is the default.) Components: Network Controller Affects Versions: 4.9.0, 4.8.0, 4.7.1, 4.6.2 Reporter: Murali Reddy Assignee: Murali Reddy Fix For: 4.9.1 When 'default egress policy' is set to 'allow' in the network offering, any egress rule that is added will 'deny' the traffic overriding the default behaviour. Conversely, when 'default egress policy' is set to 'deny' in the network offering, any egress rule that is added will 'allow' the traffic overriding the default behaviour. While this works for 'tcp', 'udp' as expected, for 'icmp' protocol its always set to ALLOW. Egress firewall rule behaviour should be consistent for all the protocols. -- This message was sent by Atlassian JIRA (v6.3.4#6332)