I can do. But before raising "issues" I normally try to confirm that my issue is to some degree valid. As my knowledge on how and where Cloudstack is working with the configured ACLs is at the moment quiet shallow, i will need to try out some things beforehand I guess....
Wei ZHOU <ustcweiz...@gmail.com> schrieb am Sa., 2. Okt. 2021, 08:50: > Hi, > > Could you create an issue on github and provide more details ? > > -Wei > > On Sat, 2 Oct 2021 at 02:31, vas...@gmx.de <vas...@gmx.de> wrote: > > > Hi everyone, > > > > i currently am looking into the ACL implemention used in VPCs. > > > > However i was not able to locate any of my created "egress" - entries in > > any of the chains / tables on the router. > > Tried several things like deny / allow egress traffic for one client or > the > > whole tier, but i wasn't able to locate the changes on the router. > > > > Might one of you can give some where to look / locate egress related > rules > > in iptables? > > > > In this context, maybe someone can give me an idea if my understanding of > > the documentation regarding egress ACL items is correct. > > From the docs: > > " ... once you add an ACL rule for outgoing traffic, then only outgoing > > traffic specified in this ACL rule is allowed, the rest is blocked." > > so adding an "eggress + allow" for an instance in the tier shall result > in > > changeing the "default" of the whole acl to "egress + deny" for the rest > > of the network automatically. > > is that correct? > > > > Thanks in advance! > > >
