[
https://issues.apache.org/jira/browse/CLOUDSTACK-10043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16121854#comment-16121854
]
Rafael Weingärtner commented on CLOUDSTACK-10043:
-------------------------------------------------
I use ACS 4.9.2 and so far I have not seen this error.
Have you re-created the VR using the new template?
When you say "Creating a Deny All rule", are you talking about using the ACS API,
or creating the rule directly in the VR?
> Egress Rule in VPC ACL broken
> ------------------------------
>
> Key: CLOUDSTACK-10043
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10043
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public (Anyone can view this level - this is the default.)
> Components: Virtual Router, VPC
> Affects Versions: 4.9.2.0
> Environment: CS 4.9.2 with XenServer 6.5SP1
> Reporter: Francois Scheurer
> Priority: Blocker
>
> The Network Offering of the VPC Tier has a Default Egress Policy = Deny.
> Some Allow Rules exist in the ACL, but _ALL_ egress connections are possible.
> Creating a Deny All rule explicitly at the end of the rules is actually
> blocking ALL traffic (should not, because of the Allow rules).
> The Iptables in the VR are wrong:
> 1) the allow rules are in the wrong order.
> 2) some rules are in the mangle table instead of filter
> Do you know how to fix this?
> Thank you for your help.
> Francois Scheurer