Sorry to bring up an old question, just want to ask again if somebody
can confirm this issue (inverted order of the ACL rules) with CS 4.9 and
VPC router version 4.6.
Thanks,
David
------ Original message ------
From: "David Amorín" <[email protected]>
To: "[email protected]" <[email protected]>
Sent: 17/10/2016 11:16:03
Subject: Re[6]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
Hi,
I did a couple more tests and I can confirm the issue
(CLOUDSTACK-9404) still happens with the version CS 4.9 using the VPC
router version 4.6.
See an example:
I have an egress rule like the following:
Rule number: 101, CIDR: 8.8.8.8/32, Action: Allow, Traffic Type: Egress,
Protocol: ICMP, ICMPtype: -1, ICMPCode: -1
Then I add this rule:
Rule number: 1002, CIDR: 0.0.0.0/0, Action: Deny, Traffic Type: Egress,
Protocol: ALL
Checking the VR, in file /etc/iptables/router_rules.v4, the rules are
applied in the wrong order:
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
But then if I restart the VPC and clean up, and check iptables again,
the order is now correct:
-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT
-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT
-A ACL_OUTBOUND_eth2 -j DROP
Is the VPC router version 4.6 the latest one?
I would really appreciate it if somebody else could confirm this issue.
Best,
David
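An added example, not part of the original thread and not CloudStack's own code: a small Python check that flags rules in a chain that sit after an unconditional ACCEPT/DROP/REJECT and therefore can never match, run over the two listings quoted in the message above. The function and variable names are hypothetical.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rule(line):
    """Return (chain, target, match_tokens) for an '-A' line, else None."""
    try:
        tokens = shlex.split(line)
    except ValueError:
        return None
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    chain, rest = tokens[1], tokens[2:]
    target, matches, i = None, [], 0
    while i < len(rest):
        if rest[i] in ("-j", "--jump") and i + 1 < len(rest):
            target, i = rest[i + 1], i + 2
        elif rest[i] == "--reject-with" and i + 1 < len(rest):
            i += 2  # option of the REJECT target, not a match
        else:
            matches.append(rest[i])
            i += 1
    return chain, target, matches

def shadowed_rules(rules_text, chain):
    """Return (rule, catch_all) pairs for rules after an unconditional verdict."""
    shadowed, catch_all = [], None
    for line in map(str.strip, rules_text.splitlines()):
        parsed = parse_rule(line)
        if parsed is None or parsed[0] != chain:
            continue
        _, target, matches = parsed
        if catch_all is not None:
            shadowed.append((line, catch_all))
        elif target in TERMINAL and not matches:
            catch_all = line
    return shadowed

# Listings copied from the message above (wrapped lines joined).
HEAD = ("-A ACL_OUTBOUND_eth2 -d 224.0.0.18/32 -j ACCEPT\n"
        "-A ACL_OUTBOUND_eth2 -d 225.0.0.50/32 -j ACCEPT\n")
ICMP = "-A ACL_OUTBOUND_eth2 -d 8.8.8.8/32 -p icmp -m icmp --icmp-type any -j ACCEPT"
DROP = "-A ACL_OUTBOUND_eth2 -j DROP"
INVERTED = HEAD + DROP + "\n" + ICMP + "\n"
CLEAN = HEAD + ICMP + "\n" + DROP + "\n"

if __name__ == "__main__":
    for name, text in (("inverted", INVERTED), ("after cleanup", CLEAN)):
        print(name, shadowed_rules(text, "ACL_OUTBOUND_eth2"))
```

On a router the same function can be fed the contents of /etc/iptables/router_rules.v4; an empty result for each ACL chain means no rule is hidden behind a catch-all.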
------ Original message ------
From: "Simon Weller" <[email protected]>
To: "[email protected]" <[email protected]>;
"David Amorín" <[email protected]>
Sent: 05/10/2016 18:35:48
Subject: Re: Re[4]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
Try doing a restart with network cleanup and see if that fixes your
problem. The fixes are in the system iso and that will require a
redeploy.
- Si
--------------------------------------------------------------------------------
From: David Amorín <[email protected]>
Sent: Wednesday, October 5, 2016 11:18 AM
To: Simon Weller; [email protected]
Subject: Re[4]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
Yes, we did the upgrade from 4.5.2 to 4.9.0
------ Original message ------
From: "Simon Weller" <[email protected]>
To: "[email protected]" <[email protected]>;
"David Amorín" <[email protected]>
Sent: 05/10/2016 18:11:26
Subject: Re: Re[2]: Network ACL rules in VPCs are applied in an
inverted order (CLOUDSTACK-9404)
Was this an upgrade from an older release?
--------------------------------------------------------------------------------
From: David Amorín <[email protected]>
Sent: Wednesday, October 5, 2016 10:11 AM
To: [email protected]
Subject: Re[2]: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
We are running 4.9.0 and we are still facing the issues of the ACL
Rules (CLOUDSTACK-9404)
------ Original message ------
From: "Simon Weller" <[email protected]>
To: "[email protected]" <[email protected]>;
"David Amorín" <[email protected]>
Sent: 04/10/2016 18:02:22
Subject: Re: Network ACL rules in VPCs are applied in an inverted
order (CLOUDSTACK-9404)
>David,
>
>
>What version are you currently running?
>
>
>I believe 2 patches got into 4.9.0 related to this. #1581 and #1616.
>
>
>At least #1581 was also merged into 4.8.x for the next point release.
>
>
>- Si
>
>________________________________
>From: David Amorín <[email protected]>
>Sent: Tuesday, October 4, 2016 10:47 AM
>To: [email protected]
>Subject: Network ACL rules in VPCs are applied in an inverted order
>(CLOUDSTACK-9404)
>
>Hi all,
>I see this bug is already resolved
>
>https://issues.apache.org/jira/browse/CLOUDSTACK-9404
>
>Do you know if it will be available on 4.9.1?
>
>Thanks
>
>David
>