I hit the same issue with the debian9-systemvmtemplate PR. Earlier, the egress 
traffic option used to accept 0.0.0.0/0.


- Rohit

________________________________
From: Nux! <n...@li.nux.ro>
Sent: Friday, November 17, 2017 11:09:26 PM
To: dev
Subject: Re: egress fw problems in 4.10?

Thanks Jayapal,

Indeed, I checked and 0.0.0.0/0 is not there. When I tried to add it manually I 
got an error:
ipset v6.12.1: The value of the CIDR parameter of the IP address is invalid


Hash:net types will not accept 0 prefix, it's happy to accept 0.0.0.0/1 though, 
however I still can't do any egress except for ICMP ping for some reason.

If I omit specifying a dest CIDR, then I get truly unrestricted egress.

I need to investigate some more when I get time, something's fishy.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro


rohit.ya...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS UK
@shapeblue
  
 

----- Original Message -----
> From: "Jayapal Uradi" <jayapal.ur...@accelerite.com>
> To: "dev" <dev@cloudstack.apache.org>
> Sent: Friday, 17 November, 2017 04:02:13
> Subject: Re: egress fw problems in 4.10?

> Hi Nux,
>
> I think the ipset for destination cidr is not configured with 0.0.0.0/0, due
> to this you might see this issue.
> Please check the ipset and iptables rules once.
>
> iptables -L -nv
> ipset -L
>
> Thanks,
> Jayapal
>
>
>> On Nov 17, 2017, at 6:55 AM, Nux! <n...@li.nux.ro> wrote:
>>
>> Hi,
>>
>> Just installed 4.10 today for a demo, but seems there are some problems with
>> the egress rules in isolated networks.
>> Is there anything wrong with this rule? ACS allows me to add it, but no
>> outbound traffic is allowed at all.
>>
>> 10.1.1.0/24  0.0.0.0/0       All     All     All
>>
>> http://img.nux.ro/gL3-Selection_002.png
>>
>> If I replace 0.0.0.0/0 with a certain IP/32, then traffic works.
>>
>>
>> Also, if I don't mention a destination cidr at all, outbound traffic also
>> works, but the docs state 0.0.0.0/0 should be honoured as valid destination
>> cidr.
>>
>> Any ideas? I know there was recent work done on egress recently, maybe
>> related to that?
>>
>> Lucian
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>

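The thread reports that an ipset `hash:net` set rejects a zero prefix while accepting `0.0.0.0/1`. As an added example (not part of the thread and not CloudStack's code), this sketch normalises a list of IPv4 destination CIDRs into entries such a set accepts, covering `0.0.0.0/0` with its two /1 halves; the set name `egress_dst_example` is hypothetical, and the sketch addresses only the set contents, not the remaining egress behaviour described above.

```python
import ipaddress


def hash_net_entries(cidrs):
    """Return IPv4 networks, as strings, that a hash:net set will accept.

    Host bits are masked off and overlapping inputs are collapsed first.
    A resulting /0 is then split into 0.0.0.0/1 and 128.0.0.0/1, because
    hash:net does not take a zero prefix. Invalid input raises ValueError.
    """
    nets = [ipaddress.IPv4Network(c.strip(), strict=False) for c in cidrs]
    entries = []
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 0:
            # Same address space as 0.0.0.0/0, expressed as two /1 networks.
            entries.extend(net.subnets(prefixlen_diff=1))
        else:
            entries.append(net)
    return [str(n) for n in entries]


def ipset_commands(set_name, cidrs):
    """Build the 'ipset add' lines for the normalised entries."""
    return [f"ipset add {set_name} {n}" for n in hash_net_entries(cidrs)]


if __name__ == "__main__":
    # Constructed input: the destination CIDR from the rule in the thread.
    # "egress_dst_example" is a hypothetical set name.
    for line in ipset_commands("egress_dst_example", ["0.0.0.0/0"]):
        print(line)
```

Collapsing before splitting means a list that already contains both /1 halves, or `0.0.0.0/0` alongside narrower networks, still yields exactly two entries.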