On 13.03.2014 21:24, Animesh Chaturvedi wrote:
[Animesh] Did you see this with prior RC too?
[Animesh] Nux, security group support for advanced zone is limited
and that too was developed in 4.2. I don’t think any changes have been
made to that support since then. Can you call out what specific issue
are you seeing? Most likely it is pre-existing issue or not supported.
The functional spec from 4.2 is at [1] and I don’t know if all that
is called out is implemented or not, adding Anthony and Chiradeep to
the thread for further comments
[1]
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Isolation+based+on+Security+Groups+in+Advance+zone
I could replicate this problem on a clean hypervisor. The security
groups seem broken on KVM/CentOS.
It looks like the traffic doesn't go in the right chains, all traffic
is accepted as FORWARD is set to ACCEPT.
There are zero packets going through BF-breth0-109.
Here's outputs from:
iptables-save: http://paste.fedoraproject.org/85337/47982321/raw/
ebatables-save: http://paste.fedoraproject.org/85338/79831713/raw/
ipset -L: http://paste.fedoraproject.org/85339/79832613/raw/
I will install 4.2.1 as that one was working and try to compare the
outputs.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
