Hi; We made a test with 4.11 rc over Ubuntu16.04 KVM hosts and we noticed that there is a problem on setting & applying security group changes on KVM host.
All instances could ping vr and they could access internet but no one could access to the instances. I checked iptables rules and i noticed that iptables rules for vm is in all drop state for incoming packages while i gave access to all ingress and egress tcp/udp traffic ports for that instances. Below are iptables output for selected vm: Chain i-2-6-VM (1 references) target prot opt source destination DROP all -- anywhere anywhere Chain i-2-6-VM-eg (1 references) target prot opt source destination RETURN all -- anywhere anywhere Chain i-2-6-def (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-in vnet9 --physdev-is-bridged udp spt:bootpc dpt:bootps ACCEPT udp -- anywhere anywhere PHYSDEV match --physdev-out vnet9 --physdev-is-bridged udp spt:bootps dpt:bootpc DROP all -- anywhere anywhere PHYSDEV match --physdev-in vnet9 --physdev-is-bridged ! match-set i-2-6-VM src RETURN udp -- anywhere anywhere PHYSDEV match --physdev-in vnet9 --physdev-is-bridged match-set i-2-6-VM src udp dpt:domain RETURN tcp -- anywhere anywhere PHYSDEV match --physdev-in vnet9 --physdev-is-bridged match-set i-2-6-VM src tcp dpt:domain i-2-6-VM-eg all -- anywhere anywhere PHYSDEV match --physdev-in vnet9 --physdev-is-bridged match-set i-2-6-VM src i-2-6-VM all -- anywhere anywhere PHYSDEV match --physdev-out vnet9 --physdev-is-bridged All management and agent logs could be accessed from: http://51.15.199.7/4.11r1_Test_20190116.tgz Thanks Özhan
