Hi,

We discussed that one yesterday and I already assigned the issue to myself on Jira. I will fix it.

Cheers,
Wilder

> On 30 Jul 2015, at 14:09, Sanjeev N <sanj...@apache.org> wrote:
>
> Agree with Kishan Kavala and Jayapal.
>
> On Thu, Jul 30, 2015 at 2:13 PM, Kishan Kavala <kishan.kav...@citrix.com>
> wrote:
>
>> This is a security issue with high impact.
>> We should treat it as a blocker.
>>
>> -----Original Message-----
>> From: Jayapal Reddy Uradi [mailto:jayapalreddy.ur...@citrix.com]
>> Sent: 30 July 2015 02:07 PM
>> To: <dev@cloudstack.apache.org> <dev@cloudstack.apache.org>
>> Subject: Re: [Blocker] Default ip table rules on VR
>>
>> I see VR ingress traffic is blocked by default from iptables mangle table.
>> But on the guest interface all the traffic is accepted.
>> Also egress firewall rule will break because of FORWARD policy.
>>
>> Thanks,
>> Jayapal
>>
>> On 30-Jul-2015, at 12:53 PM, Jayapal Reddy Uradi <
>> jayapalreddy.ur...@citrix.com> wrote:
>>
>>>
>>> It is a security concern on the VR. All the ingress traffic onto the VR is accepted.
>>> Let it be a blocker.
>>>
>>> Thanks,
>>> Jayapal
>>>
>>> On 30-Jul-2015, at 12:28 PM, Daan Hoogland <daan.hoogl...@gmail.com>
>>> wrote:
>>>
>>>> I changed it to critical. It is only a blocker if we agree on this
>>>> list that it is.
>>>>
>>>> On Thu, Jul 30, 2015 at 6:44 AM, Sanjeev N <sanj...@apache.org> wrote:
>>>>> Hi,
>>>>>
>>>>> In latest ACS builds, the ip table rules in VR have ACCEPT as the
>>>>> default policy in INPUT and FORWARD chains, instead of DROP.
>>>>>
>>>>> Created a blocker bug for this issue
>>>>> https://issues.apache.org/jira/browse/CLOUDSTACK-8688
>>>>>
>>>>> Can somebody please fix it?
>>>>>
>>>>> Thanks,
>>>>> Sanjeev
>>>>
>>>> --
>>>> Daan
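
Added example, not part of the original thread and not CloudStack's own code: a shell check for the condition reported above. It reads `iptables-save` output and flags the filter-table INPUT and FORWARD chains when their default policy is not DROP. The function name, the interface name and the two sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# check_default_policy [CHAINS]: read iptables-save output on stdin and print
# one line per listed filter-table chain (default: INPUT FORWARD) whose
# default policy is not DROP. Exit status 0 = all DROP, 1 = at least one issue.
check_default_policy() {
    awk -v want="${1:-INPUT FORWARD}" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        /^\*/ { table = substr($0, 2); next }      # table header, e.g. *filter
        table == "filter" && /^:/ {                # policy line, e.g. :INPUT DROP [0:0]
            chain = substr($1, 2); policy = $2
            if (chain in need) {
                seen[chain] = 1
                if (policy != "DROP") { print chain " policy=" policy; bad = 1 }
            }
        }
        END {
            # A chain that never appeared in the filter table cannot be confirmed.
            for (c in need) if (!(c in seen)) { print c " policy=missing"; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample: the state described in the report (ACCEPT by default).
# The mangle-table INPUT line must not be confused with the filter-table one.
SAMPLE_ACCEPT='*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
COMMIT'

# Constructed sample: the expected state (DROP by default).
SAMPLE_DROP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_ACCEPT" | check_default_policy || true
```

On a live system the same function can be fed with `iptables-save | check_default_policy`.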