I have tested with CS 4.9.0 and it is not applied. Let's see if it will be available on 4.9.1

Thanks for your help

--
David Amorín
Director
[email protected]
T. 91 133 18 99 Ext. 151
M. 626 94 95 88

-----Original message-----
> From: "Pierre-Luc Dion" <[email protected]>
> To: [email protected]
> Cc: "David Amorín" <[email protected]>, "Patrick Dube 2" <[email protected]>
> Date: 26/10/2016 00:22
> Subject: Re: Re[7]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
>
> Hi David,
>
> Yes, it's a known issue. It has been fixed, I thought in 4.9, maybe the PR
> has not been processed yet?
>
> On Oct 25, 2016 10:46, "Simon Weller" <[email protected]> wrote:
>
> David,
>
> Can you post your question to the dev list?
>
> You're more likely to get a response there.
>
> - Si
>
> ________________________________
> From: David Amorín <[email protected]>
> Sent: Tuesday, October 25, 2016 9:23 AM
> To: [email protected]; [email protected]
> Subject: Re[7]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
>
> Sorry to bring up an old question, just want to ask again if somebody
> can confirm this issue (inverted order of the ACL rules) with CS 4.9 and
> VPC router version 4.6
>
> Thanks,
>
> David
>
> ------ Original message ------
> From: "David Amorín" <[email protected]>
> To: "[email protected]" <[email protected]>
> Sent: 17/10/2016 11:16:03
> Subject: Re[6]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
>
> >Hi,
> >I did a couple more tests and I can confirm the issue
> >(CLOUDSTACK-9404) still happens with the version CS 4.9 using the VPC
> >router version 4.6
> >
> >See an example:
> >
> >I have an egress rule like the following:
> >Rule number: 101, CIDR: 8.8.8.8/32, Action: Allow, Traffic Type: Egress, Protocol: ICMP, ICMPtype: -1, ICMPCode: -1
> >
> >Then I add this rule:
> >Rule number: 1002, CIDR: 0.0.0.0/0, Action: Deny, Traffic Type: Egress, Protocol: ALL
> >
> >Checking the VR, in file /etc/iptables/router_rules.v4, the rules are
> >applied in the wrong order:
> >-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -j DROP
> >-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
> >
> >But then if I restart the VPC and clean up, I check iptables again and
> >now it is in the correct order:
> >-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
> >-A ACL_OUTBOUND_eth2 -j DROP
> >
> >Is the VPC router version 4.6 the latest one?
> >
> >I would really appreciate it if somebody else can confirm this issue
> >
> >Best,
> >
> >David
> >
> >------ Original message ------
> >From: "Simon Weller" <[email protected]>
> >To: "[email protected]" <[email protected]>; "David Amorín" <[email protected]>
> >Sent: 05/10/2016 18:35:48
> >Subject: Re: Re[4]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
> >
> >>Try doing a restart with network cleanup and see if that fixes your
> >>problem. The fixes are in the system iso and that will require a
> >>redeploy.
> >>
> >>- Si
> >>
> >>--------------------------------------------------------------------------------
> >>From: David Amorín <[email protected]>
> >>Sent: Wednesday, October 5, 2016 11:18 AM
> >>To: Simon Weller; [email protected]
> >>Subject: Re[4]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
> >>
> >>Yes, we did the upgrade from 4.5.2 to 4.9.0
> >>
> >>------ Original message ------
> >>From: "Simon Weller" <[email protected]>
> >>To: "[email protected]" <[email protected]>; "David Amorín" <[email protected]>
> >>Sent: 05/10/2016 18:11:26
> >>Subject: Re: Re[2]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
> >>
> >>>Was this an upgrade from an older release?
> >>>
> >>>--------------------------------------------------------------------------------
> >>>From: David Amorín <[email protected]>
> >>>Sent: Wednesday, October 5, 2016 10:11 AM
> >>>To: [email protected]
> >>>Subject: Re[2]: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
> >>>
> >>>We are running 4.9.0 and we are still facing the issues of the ACL
> >>>Rules (CLOUDSTACK-9404)
> >>>
> >>>------ Original message ------
> >>>From: "Simon Weller" <[email protected]>
> >>>To: "[email protected]" <[email protected]>; "David Amorín" <[email protected]>
> >>>Sent: 04/10/2016 18:02:22
> >>>Subject: Re: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
> >>>
> >>> >David,
> >>> >
> >>> >What version are you currently running?
> >>> >
> >>> >I believe 2 patches got into 4.9.0 related to this. #1581 and #1616.
> >>> >
> >>> >At least #1581 was also merged into 4.8.x for the next point release.
> >>> >
> >>> >- Si
> >>> >
> >>> >________________________________
> >>> >From: David Amorín <[email protected]>
> >>> >Sent: Tuesday, October 4, 2016 10:47 AM
> >>> >To: [email protected]
> >>> >Subject: Network ACL rules in VPCs are applied in an inverted order (CLOUDSTACK-9404)
> >>> >
> >>> >Hi all,
> >>> >I see this bug is already resolved
> >>> >
> >>> >https://issues.apache.org/jira/browse/CLOUDSTACK-9404
> >>> >[CLOUDSTACK-9404] Network ACL rules in VPCs are applied in ...<https://issues.apache.org/jira/browse/CLOUDSTACK-9404>
> >>> >
> >>> >Do you know if it will be available on 4.9.1?
> >>> >
> >>> >Thanks
> >>> >
> >>> >David
