[ https://issues.apache.org/jira/browse/CLOUDSTACK-10043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249510#comment-16249510 ]
René Moser commented on CLOUDSTACK-10043:
-----------------------------------------

fixed by https://github.com/apache/cloudstack/pull/2313

> Egress Rule in VPC ACL broken
> ------------------------------
>
> Key: CLOUDSTACK-10043
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10043
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Virtual Router, VPC, XenServer
> Affects Versions: 4.9.2.0
> Environment: Cloudstack 4.9.2.0
> XenServer 6.5SP1
> Zone with Advanced Network
> Reporter: Francois Scheurer
> Assignee: René Moser
> Priority: Blocker
>
> The Network Offering of the VPC Tier has a Default Egress Policy = Deny.
> Some Allow Rules exist in the ACL, but _ALL_ egress connections are possible.
> Creating a Deny All rule explicit at the end of the rules is actually
> blocking ALL traffic (should not, because of the Allow rules).
> The Iptables in the VR are wrong:
> 1) the allow & deny rules are in wrong order.
> 2) some rules are in mangle table instead of filter
> Do you know how to fix this?
> Thank you for your help.
> Francois Scheurer

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)