[
https://issues.apache.org/jira/browse/CLOUDSTACK-4913?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sheng Yang resolved CLOUDSTACK-4913.
------------------------------------
Resolution: Fixed
Fix Version/s: 4.3.0
Notice, this patch would only avoid enabling part of ebtables/iptables, but for
the existed rules(e.g. used host), it won't clean them up.
> Disable security group for bridge mode non-security group zone
> --------------------------------------------------------------
>
> Key: CLOUDSTACK-4913
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4913
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Network Controller
> Affects Versions: 4.2.0
> Reporter: Sheng Yang
> Assignee: Sheng Yang
> Priority: Critical
> Fix For: 4.2.1, 4.3.0
>
>
> Currently, if XenServer is switching to bridge mode, CloudStack would
> automatically enable security group(apply all kinds of security group rules
> e.g. iptables and ebtables on it). But at the time, it wouldn't check if the
> zone is security group enabled or not.
> If user want to use bridge mode with isolated network(RvR especially), it
> would have trouble because security group rules would prevent broadcast from
> working.
> We need to stop applying security group rules if it's not security group
> enabled zone.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
