weizhouapache opened a new issue, #13122: URL: https://github.com/apache/cloudstack/issues/13122
### Discussed in https://github.com/apache/cloudstack/discussions/13113 <div type='discussions-op-text'> <sup>Originally posted by **mwaag** May 7, 2026</sup> Hi, we noticed cloudstack let you successfully define ACL-Ingress-Rules for TCP (and UDP) without setting a start- and endport. Many of our users (even we) assumed, that it stands for 'all ports'. But instead the router keeps on blocking traffic. (We didn't test this on UDP explicitly) We know, we can workaround this with just setting start- and endports or use protocol: All Is this expected behaviour or should this be handled as a bug? (We probably would suggest to either restrict defining rules without setting start- and endports at all or treat this kind of rules as "all ports" - rule) Tested Versions are: 4.18.2.4 4.20.3.0 <img width="644" height="574" alt="10_03_08-000372" src="https://github.com/user-attachments/assets/8e30ee61-1e84-404f-a5e0-311bc401fba6"; /> <img width="1597" height="550" alt="10_04_13-000374" src="https://github.com/user-attachments/assets/96abd943-63a7-4b72-a797-8d181f3da53b"; /> </div> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
