GitHub user mwaag created a discussion: ACL-Rule Behaviour for TCP/UDP-Protocol 
without start- and endport

Hi,

we noticed CloudStack lets you successfully define ACL-Ingress-Rules for TCP 
(and UDP) without setting a start- and endport. 
Many of our users (even we) assumed that it stands for 'all ports'. But 
instead the router keeps on blocking traffic.
(We didn't test this on UDP explicitly)

We know we can work around this by just setting start- and endports or using 
protocol: All

Is this expected behaviour or should this be handled as a bug?
(We would probably suggest to either restrict defining rules without setting 
start- and endports at all or treat this kind of rule as an "all ports" rule)

Tested Versions are:
4.18.2.4
4.20.3.0



GitHub link: https://github.com/apache/cloudstack/discussions/13113
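
An added example, not part of the original post and not CloudStack's own code: a small audit that flags TCP/UDP ACL rules saved without a start or end port, so they can be given explicit ports or switched to protocol All as the post describes. It assumes rule records shaped like the `listNetworkACLs` API response; the sample rules, ids and CIDRs are constructed.

```python
import json

# Constructed sample shaped like a listNetworkACLs response (ids/CIDRs made up).
SAMPLE = json.loads("""
{"listnetworkaclsresponse": {"count": 4, "networkacl": [
  {"id": "rule-1", "protocol": "tcp", "traffictype": "Ingress",
   "action": "Allow", "cidrlist": "10.0.0.0/8"},
  {"id": "rule-2", "protocol": "tcp", "traffictype": "Ingress",
   "action": "Allow", "cidrlist": "10.0.0.0/8",
   "startport": "22", "endport": "22"},
  {"id": "rule-3", "protocol": "udp", "traffictype": "Ingress",
   "action": "Allow", "cidrlist": "10.0.0.0/8"},
  {"id": "rule-4", "protocol": "all", "traffictype": "Ingress",
   "action": "Allow", "cidrlist": "10.0.0.0/8"}
]}}
""")

PORT_PROTOCOLS = {"tcp", "udp"}


def _missing(rule, key):
    """True when the port field is absent, null or an empty string."""
    value = rule.get(key)
    return value is None or str(value).strip() == ""


def find_portless_rules(response):
    """Return one finding per TCP/UDP rule lacking startport and/or endport."""
    rules = response.get("listnetworkaclsresponse", {}).get("networkacl", [])
    findings = []
    for rule in rules:
        proto = str(rule.get("protocol", "")).lower()
        if proto not in PORT_PROTOCOLS:
            continue  # 'all', 'icmp' and numeric protocols have no port range
        missing = [k for k in ("startport", "endport") if _missing(rule, k)]
        if missing:
            findings.append({
                "id": rule.get("id"),
                "protocol": proto,
                "traffictype": rule.get("traffictype"),
                "action": rule.get("action"),
                "missing": missing,
                # The post reports this for TCP; UDP was not tested there.
                "confirmed_in_post": proto == "tcp",
            })
    return findings


if __name__ == "__main__":
    for finding in find_portless_rules(SAMPLE):
        print(finding)
```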
