Hi,
I did a couple more tests and I can confirm the issue
(CLOUDSTACK-9404) still happens with version CS 4.9 using the VPC
router version 4.6.
See an example:
I have an egress rule like the following:
Rule number: 101, CIDR: 8.8.8.8/32, Action: Allow, Traffic Type: Egress,
Protocol: ICMP, ICMP Type: -1, ICMP Code: -1
Then I add this rule:
Rule number: 1002, CIDR: 0.0.0.0/0, Action: Deny, Traffic Type: Egress,
Protocol: ALL
Checking the VR, in file /etc/iptables/router_rules.v4, the rules are
applied in the wrong order:
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
But then if I restart the VPC and clean up, I check iptables again and
now it is in the correct order:
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
Is the VPC router version 4.6 the latest one?
I would really appreciate it if somebody else could confirm this issue.
Best,
David
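
The ordering check done by eye on /etc/iptables/router_rules.v4 in the message above can be automated. The following is an added example, not part of the original thread or of CloudStack: it flags every rule appended to a chain after an unconditional terminal rule, since such a rule can never match. The function name and the two embedded samples (constructed from the rules quoted above) are assumptions.

```python
import shlex
import sys

# Constructed samples, copied from the two rule listings quoted in the message.
BROKEN = """\
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
"""
FIXED = """\
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
"""

# Targets that end evaluation of the chain for a matching packet.
TERMINAL = {"ACCEPT", "DROP", "REJECT", "RETURN"}


def find_shadowed_rules(rules_text):
    """Return (chain, catch_all_line, shadowed_line, rule) for unreachable rules.

    A rule is unreachable when an earlier rule in the same chain has no match
    criteria at all ("-A CHAIN -j TARGET") and a terminal target.
    """
    catch_all = {}  # chain name -> line number of its first catch-all rule
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        # Skip table headers, chain policies, COMMIT and anything without a jump.
        if len(tokens) < 4 or tokens[0] != "-A" or "-j" not in tokens:
            continue
        chain = tokens[1]
        jump = tokens.index("-j")
        if chain in catch_all:
            findings.append((chain, catch_all[chain], line_no, line.strip()))
        elif jump == 2 and tokens[3] in TERMINAL:
            # "-j" directly after the chain name: no -d/-s/-p/-m criteria.
            catch_all[chain] = line_no
    return findings


if __name__ == "__main__":
    # Pass a rules file path to check it; with no argument the broken sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BROKEN
    for chain, stop, line_no, rule in find_shadowed_rules(text):
        print(f"{chain}: line {line_no} is unreachable after line {stop}: {rule}")
```

A catch-all rule that carries only a comment match (-m comment) is not recognised as unconditional by this check.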
------ Original Message ------
From: "Simon Weller" <[email protected]>
To: "[email protected]" <[email protected]>;
"David Amorín" <[email protected]>
Sent: 05/10/2016 18:35:48
Subject: Re: Re[4]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
Try doing a restart with network cleanup and see if that fixes your
problem. The fixes are in the system iso and that will require a
redeploy.
- Si
--------------------------------------------------------------------------------
From: David Amorín <[email protected]>
Sent: Wednesday, October 5, 2016 11:18 AM
To: Simon Weller; [email protected]
Subject: Re[4]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
Yes, we did the upgrade from 4.5.2 to 4.9.0
------ Original Message ------
From: "Simon Weller" <[email protected]>
To: "[email protected]" <[email protected]>;
"David Amorín" <[email protected]>
Sent: 05/10/2016 18:11:26
Subject: Re: Re[2]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
Was this an upgrade from an older release?
--------------------------------------------------------------------------------
From: David Amorín <[email protected]>
Sent: Wednesday, October 5, 2016 10:11 AM
To: [email protected]
Subject: Re[2]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
We are running 4.9.0 and we are still facing the issues of the ACL
Rules
(CLOUDSTACK-9404)
------ Original Message ------
From: "Simon Weller" <[email protected]>
To: "[email protected]" <[email protected]>;
"David Amorín" <[email protected]>
Sent: 04/10/2016 18:02:22
Subject: Re: Network ACL rules in VPCs are applied in an inverted order
(CLOUDSTACK-9404)
>David,
>
>
>What version are you currently running?
>
>
>I believe 2 patches got into 4.9.0 related to this. #1581 and #1616.
>
>
>At least #1581 was also merged into 4.8.x for the next point release.
>
>
>- Si
>
>________________________________
>From: David Amorín <[email protected]>
>Sent: Tuesday, October 4, 2016 10:47 AM
>To: [email protected]
>Subject: Network ACL rules in VPCs are applied in an inverted order
>(CLOUDSTACK-9404)
>
>Hi all,
>I see this bug is already resolved
>
>https://issues.apache.org/jira/browse/CLOUDSTACK-9404
>
>Do you know if it will be available in 4.9.1?
>
>Thanks
>
>David