Hi,

The network ACL feature is implemented through iptables and ipset. If you have related knowledge and would like to investigate the issue, it would be nice.

Wei

On Saturday, 2 October 2021, vas...@gmx.de <vas...@gmx.de> wrote:

> I can do. But before raising "issues" I normally try to confirm that my
> issue is to some degree valid. As my knowledge on how and where CloudStack
> is working with the configured ACLs is at the moment quite shallow, I will
> need to try out some things beforehand I guess....
>
> Wei ZHOU <ustcweiz...@gmail.com> wrote on Sat, 2 Oct 2021, 08:50:
>
> > Hi,
> >
> > Could you create an issue on GitHub and provide more details?
> >
> > -Wei
> >
> > On Sat, 2 Oct 2021 at 02:31, vas...@gmx.de <vas...@gmx.de> wrote:
> >
> > > Hi everyone,
> > >
> > > I am currently looking into the ACL implementation used in VPCs.
> > >
> > > However, I was not able to locate any of my created "egress" entries in
> > > any of the chains / tables on the router.
> > > I tried several things like deny / allow egress traffic for one client or
> > > the whole tier, but I wasn't able to locate the changes on the router.
> > >
> > > Might one of you be able to say where to look / locate egress-related
> > > rules in iptables?
> > >
> > > In this context, maybe someone can give me an idea if my understanding of
> > > the documentation regarding egress ACL items is correct.
> > > From the docs:
> > > " ... once you add an ACL rule for outgoing traffic, then only outgoing
> > > traffic specified in this ACL rule is allowed, the rest is blocked."
> > > So adding an "egress + allow" for an instance in the tier shall result in
> > > changing the "default" of the whole ACL to "egress + deny" for the rest
> > > of the network automatically.
> > > Is that correct?
> > >
> > > Thanks in advance!