agronaught commented on PR #13173: URL: https://github.com/apache/cloudstack/pull/13173#issuecomment-4485273483
Done — pushed b89599bd8d. Tested on ACS 4.22.0.0 staging: **Routed Isolated v6 (IsolatedV6RoutedFiltered offering)**: BGP v6 sessions reach Established with both upstream peers, tenant /64 advertised, eth2 established/related counter active (81 packets / 9893 bytes at first observation). **Non-routed Isolated v6 (DualStack offering, VirtualRouter + SourceNat)**: fw_input contains lo/eth2/eth0 established/related rules identical to the routed case. Counter activity on eth2 (66 packets / 8369 bytes) confirms the rule is reached by real traffic. Without this expansion the chain would only contain the icmpv6 accept rules. Scope kept narrow per your suggestion: only the established/related rules, no mirror of v4's service-port rules (tcp/3922, tcp/8080). Note: fw_input ends up with the rules duplicated (lo + eth2 appear twice in the running chain). Same observed in v4 INPUT (3 copies of established,related there). Looks like a pre-existing post_config_change multi-call pattern, not introduced by this patch — happy to address separately if you'd like. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
