Francois Scheurer created CLOUDSTACK-10043:

             Summary:  Egress Rule in VPC ACL broken
                 Key: CLOUDSTACK-10043
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Virtual Router, VPC
    Affects Versions:
         Environment: CS 4.9.2 with XenServer 6.5SP1
            Reporter: Francois Scheurer
            Priority: Blocker

The Network Offering of the VPC Tier has a Default Egress Policy = Deny.

Some Allow Rules exist in the ACL, but _ALL_ egress connections are possible.

Explicitly creating a Deny All rule at the end of the rules actually blocks
ALL traffic (it should not, because of the Allow rules).

The Iptables in the VR are wrong:
1) the allow rules are in the wrong order.
2) some rules are in the mangle table instead of filter

Thank you for your help

Francois Scheurer
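
One way to check a router's ruleset for the two conditions named in the report above (verdict rules outside the filter table, and Allow rules placed after a catch-all Deny). This is an added example, not part of the original report and not CloudStack code; the chain name `EGRESS_TIER` and the `iptables-save` excerpt are constructed for illustration.

```python
import shlex

VERDICTS = {"ACCEPT", "DROP", "REJECT"}

# Constructed iptables-save excerpt; the chain name EGRESS_TIER is hypothetical.
SAMPLE = """\
*mangle
:EGRESS_TIER - [0:0]
-A PREROUTING -i eth2 -j EGRESS_TIER
-A EGRESS_TIER -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
*filter
:EGRESS_TIER - [0:0]
-A FORWARD -i eth2 -j EGRESS_TIER
-A EGRESS_TIER -j DROP
-A EGRESS_TIER -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Yield (table, chain, match_tokens, target) per -A line, in order."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain, rest = tok[1], tok[2:]
            cut = rest.index("-j") if "-j" in rest else len(rest)
            target = rest[cut + 1] if cut < len(rest) - 1 else None
            yield table, chain, rest[:cut], target

def audit(dump, chain_prefix):
    """Flag verdict rules outside filter and rules after a catch-all verdict."""
    findings, closed = [], set()
    for table, chain, match, target in parse_rules(dump):
        if not chain.startswith(chain_prefix) or target not in VERDICTS:
            continue
        if table != "filter":
            findings.append(("wrong-table", table, chain, target))
        if (table, chain) in closed:
            findings.append(("shadowed", table, chain, target))
        elif not match:  # no match options: this rule catches everything
            closed.add((table, chain))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "EGRESS_"))
```

Feed it the output of `iptables-save` from the router and the prefix of the chains that hold the ACL rules; an empty list means neither condition was found.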
