Francois Scheurer created CLOUDSTACK-10043:
----------------------------------------------

             Summary: Egress Rule in VPC ACL broken
                 Key: CLOUDSTACK-10043
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10043
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Virtual Router, VPC
    Affects Versions: 4.9.2.0
         Environment: CS 4.9.2 with XenServer 6.5SP1
            Reporter: Francois Scheurer
            Priority: Blocker


The Network Offering of the VPC Tier has a Default Egress Policy = Deny.
Some Allow Rules exist in the ACL, but _ALL_ egress connections are possible.
Explicitly creating a Deny All rule at the end of the rules actually blocks ALL traffic (it should not, because of the Allow rules).

The Iptables in the VR are wrong:
1) the allow rules are in the wrong order.
2) some rules are in the mangle table instead of filter.

Thank you for your help
Francois Scheurer

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
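
The two symptoms reported above, written as a check over `iptables-save` output. This is an added example, not part of the original report and not CloudStack code. The chain name `ACL_EGRESS`, the interface and the addresses in the sample are constructed, and treating `filter` as the table where ACL verdicts belong is an assumption taken from the report.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT", "RETURN"}

# Constructed sample in iptables-save format; chain names and addresses are hypothetical.
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:ACL_EGRESS - [0:0]
-A PREROUTING -i eth2 -j ACL_EGRESS
-A ACL_EGRESS -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
*filter
:FORWARD DROP [0:0]
:ACL_EGRESS - [0:0]
-A FORWARD -i eth2 -j ACL_EGRESS
-A ACL_EGRESS -j DROP
-A ACL_EGRESS -d 192.0.2.10/32 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return [(table, chain, matches, target)] for every -A rule, in file order."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            j = tok.index("-j") if "-j" in tok else len(tok)
            rules.append((table, tok[1], tok[2:j], tok[j + 1] if j + 1 < len(tok) else None))
    return rules

def audit(dump, expected_table="filter"):
    """Flag rules placed after a catch-all verdict and verdict rules outside expected_table."""
    findings, closed = [], {}
    for table, chain, matches, target in parse(dump):
        key = (table, chain)
        if key in closed:  # first match wins, so this rule can never be reached
            findings.append(("shadowed", table, chain, target))
        elif not matches and target in TERMINAL:
            closed[key] = target
        # ACCEPT in mangle only ends traversal of mangle; the packet still reaches filter.
        if table != expected_table and target in {"ACCEPT", "DROP", "REJECT"}:
            findings.append(("wrong-table", table, chain, target))
    return findings
```

On a router, pass the text of `iptables-save` to `audit()` in place of `SAMPLE`; rules using `-g` (goto) are not followed.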