-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/12934/#review23939
-----------------------------------------------------------



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47783>

    Please add network offering details also here.
    
    #1. deploy VM using network offering with egress policy true  



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47782>

    Created network offering with egress policy True. That means by default all
    the guest traffic is allowed. If you create egress rules (ex: icmp) then the
    icmp traffic is blocked.
    
    So #4. Public Network should be reachable from the VM



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47784>

    I have gone through your test cases. I think you are a bit confused about
    the egress default policy and rules.
    Please update your test cases and test case comments as per below.
    
    1. Network offering with egress_policy = true.
       - By default guest network traffic is allowed.
       - Egress rule traffic will be blocked and other traffic is allowed. Ex:
         if you create an egress rule for icmp traffic then, except icmp, other
         traffic is allowed.
       - Rules with DROP target are added.
         -A FW_EGRESS_RULES -p icmp -j DROP
    
    2. Network offering with egress_policy = false.
       - By default the guest network traffic is blocked.
       - Egress rule traffic is allowed. If you create an egress rule with icmp
         protocol then, except icmp, other traffic is blocked.
       - Rules are added with target ACCEPT.
         -A FW_EGRESS_RULES -p icmp -j ACCEPT
    
    The CIDR in the egress rules is the guest network CIDR. The traffic is
    allowed/blocked for the guest network CIDR. The CIDR is not the
    public/destination network CIDR.
    
    
    



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47785>

    In egress the CIDR is the source CIDR (guest network CIDR). If you don't
    mention the CIDR it will take the default guest network CIDR.
    
    Egress compares the source CIDR.
    


- Jayapal Reddy


On July 26, 2013, 6:27 a.m., Ashutosh Kelkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/12934/
> -----------------------------------------------------------
> 
> (Updated July 26, 2013, 6:27 a.m.)
> 
> 
> Review request for cloudstack, Girish Shilamkar, Jayapal Reddy, and Prasanna 
> Santhanam.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> -------
> 
> Tests for egress firewall rules for advance zone.
> 
> 
> Diffs
> -----
> 
>   test/integration/component/test_egress_fw_rules.py PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/12934/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Ashutosh Kelkar
> 
>
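
The egress semantics described in the review above, as an added example that is not part of the original e-mail or of the CloudStack code: a small model a test can use to derive the expected reachability for each default policy. The class and function names, the "all" protocol value and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class EgressRule:
    protocol: str                      # "icmp", "tcp", "udp" or "all" (assumed values)
    source_cidr: Optional[str] = None  # None: fall back to the guest network CIDR


def rule_target(egress_default_policy: bool) -> str:
    """Rules invert the default: DROP under allow, ACCEPT under deny."""
    return "DROP" if egress_default_policy else "ACCEPT"


def egress_allowed(egress_default_policy: bool, guest_cidr: str,
                   rules: List[EgressRule], src_ip: str, protocol: str) -> bool:
    """Expected verdict for outbound traffic from a guest VM.

    Only the source address is compared with the rule CIDR; the
    destination (public) network is never part of the match.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule.source_cidr or guest_cidr)
        if rule.protocol in ("all", protocol) and src in net:
            return rule_target(egress_default_policy) == "ACCEPT"
    return egress_default_policy  # no rule matched: default policy applies


# Constructed sample values, not taken from the review request.
GUEST_CIDR = "10.1.1.0/24"
VM_IP = "10.1.1.20"
ICMP_RULE = [EgressRule("icmp")]

if __name__ == "__main__":
    for policy in (True, False):
        for proto in ("icmp", "tcp"):
            verdict = egress_allowed(policy, GUEST_CIDR, ICMP_RULE, VM_IP, proto)
            print(f"egress_policy={policy} proto={proto} allowed={verdict}")
```
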
