If you feel strongly about it, I'd file a feature enhancement for it. At least an API call that can restore the iptables rules. I'd also start a thread about it on dev and see if you can get people to upvote the ticket. I, for one, would love to see that in CloudStack.

On Wed, Jun 26, 2013 at 11:20 AM, Nils Vogels <[email protected]> wrote:
> One could argue that the CloudPortal should do this, since the host is
> under the reign of CloudPortal ... ;)
>
> On Wed, Jun 26, 2013 at 12:18 PM, Jayapal Reddy Uradi <[email protected]> wrote:
> > Restart iptables logic is specific to host iptables.
> > You can save (iptables-save) and restore (iptables-restore) to avoid
> > config loss.
> >
> > Thanks,
> > Jayapal
> >
> > > -----Original Message-----
> > > From: WXR [mailto:[email protected]]
> > > Sent: Wednesday, 26 June 2013 12:57 PM
> > > To: users
> > > Subject: Re:RE: Is this a bug?
> > >
> > > Why will the rule set be lost after restarting iptables? What can I do
> > > to avoid it?
> > >
> > > ------------------ Original ------------------
> > > From: "Jayapal Reddy Uradi"<[email protected]>;
> > > Date: Wed, Jun 26, 2013 12:34 PM
> > > To: "users"<[email protected]>;
> > > Subject: RE: Is this a bug?
> > >
> > > Hi,
> > >
> > > It is not a bug.
> > > I think it is working as expected.
> > > Please find my inline comments.
> > >
> > > Thanks,
> > > Jayapal
> > >
> > > > -----Original Message-----
> > > > From: WXR [mailto:[email protected]]
> > > > Sent: Wednesday, 26 June 2013 7:16 AM
> > > > To: users
> > > > Subject: Is this a bug?
> > > >
> > > > cloudstack version: 4.1
> > > >
> > > > network type: basic zone and basic network
> > > >
> > > > security group setting:
> > > > Protocol  Start Port  End Port  CIDR
> > > > TCP       1           65535     0.0.0.0/0
> > > > UDP       1           65535     0.0.0.0/0
> > > > ICMP      -1          -1        0.0.0.0/0
> > > >
> > > > VM OS: windows
> > > >
> > > > 1. I can ping the vm and connect to it by rdp.
> > > ICMP -1 -1 means allow icmp protocol all types and codes (255,255).
> > > RDP uses tcp 3399, tcp all ports are opened.
> > > So icmp and rdp are allowed to reach vm.
> > > > 2. When I restart the iptables of the Host physical machine, I can not
> > > > ping the vm, but I can still connect to it by rdp.
> > > When you restart the iptables please make sure the cloudstack configured
> > > rules are set before checking the traffic.
> > > RDP is working because the connection is in established state.
> > >
> > > > 3. When I delete the ICMP rule of security group and add the same rule
> > > > again, I can ping the vm.
> > > When you restart iptables rules, I think the icmp rule set by cloudstack
> > > is lost.
> > > When you reconfigure the icmp rules on the Host is configured and
> > > traffic to the vm is allowed.
>
> --
> Simple guidelines to happiness:
> Work like you don't need the money,
> Love like your heart has never been broken and
> Dance like no one can see you.
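
The check suggested in the thread ("make sure the cloudstack configured rules are set before checking the traffic") can be done by diffing an `iptables-save` dump taken before the restart against one taken after. This is an added example, not code from the thread or from CloudStack; the two dumps, the chain name `vm-chain-example` and the helper names `parse_dump` and `lost_after_restart` are constructed for illustration.

```python
import re

# Constructed sample dumps in iptables-save format (not taken from the thread).
BEFORE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:vm-chain-example - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j vm-chain-example
-A vm-chain-example -p icmp -m icmp --icmp-type any -j ACCEPT
-A vm-chain-example -p tcp -m tcp --dport 1:65535 -j ACCEPT
COMMIT
"""
AFTER = """\
*filter
:INPUT ACCEPT [12:840]
:FORWARD ACCEPT [0:0]
[5:300] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_dump(text):
    """Return (chains, rules) as sets of (table, chain) and (table, rule)."""
    chains, rules, table = set(), set(), None
    for raw in text.splitlines():
        # "iptables-save -c" prefixes rules with [packets:bytes]; drop that.
        line = re.sub(r"^\[\d+:\d+\]\s+", "", raw.strip())
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            # ":CHAIN POLICY [pkts:bytes]" counters vary, keep the name only.
            chains.add((table, line[1:].split()[0]))
        elif line.startswith("-A "):
            rules.add((table, line))
    return chains, rules

def lost_after_restart(before, after):
    """List chains and rules present in `before` but absent from `after`."""
    b_chains, b_rules = parse_dump(before)
    a_chains, a_rules = parse_dump(after)
    return {"chains": sorted(b_chains - a_chains),
            "rules": sorted(b_rules - a_rules)}

if __name__ == "__main__":
    report = lost_after_restart(BEFORE, AFTER)
    for table, chain in report["chains"]:
        print(f"missing chain {table}/{chain}")
    for table, rule in report["rules"]:
        print(f"missing rule  {table}: {rule}")
```

On a host, the two inputs would be the saved output of `iptables-save` from before and after the restart; an empty report means nothing was dropped.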
