> -----Original Message----- > From: Edison Su [mailto:edison...@citrix.com] > Sent: Friday, March 14, 2014 2:57 PM > To: dev@cloudstack.apache.org > Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round) > > Add a fix: e5c391fcf3852e50ebd99d4a72fd51d1753b05eb on 4.3-forward > branch. > I do see the rule coming on the kvm host: > > -A FORWARD -o cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0 -A > FORWARD -i cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0 -A > FORWARD -o cloudbr0 -j DROP -A FORWARD -i cloudbr0 -j DROP > > Animesh, could you cherry-pick it into 4.3?
[Animesh] Edison thanks for the fix. Can you also add tracking bug in JIRA for this issue. Nux do you mind pulling in Edison's commit and confirm the fix? > > -----Original Message----- > > From: Edison Su [mailto:edison...@citrix.com] > > Sent: Friday, March 14, 2014 1:59 PM > > To: dev@cloudstack.apache.org > > Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round) > > > > The following change will the be root cause: > > > > - refs = execute("iptables -n -L " + brfw + " |grep " + brfw + " | > > cut -d \( - > f2 > > | awk '{print $1}'").strip() > > + refs = execute("""iptables -n -L " + brfw + " | awk > > + '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % brfw).strip() > > > > In commit: 052bff15c6603877e7a0767993eb4675e9bd9ca8 > > > > The code should be > > + refs = execute("""iptables -n -L " + %s + " | awk > > + '/%s(.*)references/ {gsub(/\(/, "") ;print $3}'""" % (brfw, > > + brfw)).strip() > > > > > -----Original Message----- > > > From: Nux! [mailto:n...@li.nux.ro] > > > Sent: Friday, March 14, 2014 1:13 PM > > > To: dev@cloudstack.apache.org > > > Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round) > > > > > > On 14.03.2014 19:36, Edison Su wrote: > > > >> -----Original Message----- > > > >> From: Nux! [mailto:n...@li.nux.ro] > > > >> Sent: Friday, March 14, 2014 12:19 PM > > > >> To: dev@cloudstack.apache.org > > > >> Subject: RE: [VOTE] Apache CloudStack 4.3.0 (eighth round) > > > >> > > > >> On 14.03.2014 19:14, Edison Su wrote: > > > >>> Hi Nux, > > > >>> Could you post security group log file on your 4.3 kvm host? > > > >>> The file is @/var/log/cloudstack/agent/security_group.log > > > >> > > > >> Thanks Edison, but the problem went away once I replaced that > > > >> python script with > > > >> https://git-wip- > > > >> us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=scripts/v > > > >> m/ > > > >> ne > > > >> two > > > >> > > > > > > rk/security_group.py;h=0ac8b74a872d46b5def69be8df35e4fc49eb52b3;hb=0 > > > >> 898a264a5463b85c4cab3033f9c3161c5ef83f8 > > > > > > > > But the code is not for 4.3, right? > > > > I want to figure out, why 4.3 security group is broken. > > > > > > I think this is the key difference: > > > > > > -A FORWARD -o brbond0-540 -m physdev --physdev-is-bridged -j > > > BF-brbond0-540 > > > -A FORWARD -i brbond0-540 -m physdev --physdev-is-bridged -j > > > BF-brbond0-540 > > > -A FORWARD -o brbond0-540 -j DROP > > > -A FORWARD -i brbond0-540 -j DROP > > > > > > It's missing in the 4.3 and since FORWARD chain defaults to ACCEPT ... > > > I'll try to rollback to old script and send you the logs. > > > > > > Lucian > > > > > > -- > > > Sent from the Delta quadrant using Borg technology! > > > > > > Nux! > > > www.nux.ro
