Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
4.10.0.0
-
None
-
Security Level: Public (Anyone can view this level - this is the default.)
-
None
Description
Repro steps
1.Create a vpc with super cidr(172.16.0.0/16)
2. created a custom acl with at least 3 ACL_OUTBOUND rules with number oder like 15, 10, 20
3. Create a tier with the above ACL
4.Deploy an instance in the tier
5.In router the ACL rules wont be as per the sequence number oder
Attachments
Issue Links
- links to
Activity
Commit 4f1539ee707c2d5cf48b454139b64998ddb484ac in cloudstack's branch refs/heads/master from yvsubhash
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=4f1539e ]
CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND in VPC VR (#2313)
(cherry picked from commit 60bec39b9ddb72c9badda49dc39c4105596bcb90)
Commit f250b3ae0cf7efeef486f15474b606299d17318e in cloudstack's branch refs/heads/master from yvsubhash
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f250b3a ]
CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND in VPC VR (#2313)
(cherry picked from commit 60bec39b9ddb72c9badda49dc39c4105596bcb90)
Commit f250b3ae0cf7efeef486f15474b606299d17318e in cloudstack's branch refs/heads/4.10 from yvsubhash
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f250b3a ]
CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND in VPC VR (#2313)
(cherry picked from commit 60bec39b9ddb72c9badda49dc39c4105596bcb90)
rhtyd commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-344822195
Thanks for merging @resmo however, let's wait for tests to come back before we merge PRs. I'll kick tests on the master/baseline smoketest PR #2289
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Commit 4f1539ee707c2d5cf48b454139b64998ddb484ac in cloudstack's branch refs/heads/4.10 from yvsubhash
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=4f1539e ]
CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND in VPC VR (#2313)
(cherry picked from commit 60bec39b9ddb72c9badda49dc39c4105596bcb90)
Commit f250b3ae0cf7efeef486f15474b606299d17318e in cloudstack's branch refs/heads/4.9 from yvsubhash
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f250b3a ]
CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND in VPC VR (#2313)
(cherry picked from commit 60bec39b9ddb72c9badda49dc39c4105596bcb90)
blueorangutan commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-344530600
Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1254
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
resmo commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-344529623
cherry-picking to 4.9 and 4.10
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Commit 60bec39b9ddb72c9badda49dc39c4105596bcb90 in cloudstack's branch refs/heads/master from yvsubhash
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=60bec39 ]
CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND in VPC VR (#2313)
resmo closed pull request #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
index 9c6c2e56772..035125e4fea 100755
— a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
@@ -167,7 +167,7 @@ def compare(self, list):
cpy = cpy.replace('-A', '-I')
if isinstance(fw[1], int):
- if the rule is for ACLs, we want to insert them in order, right before the DROP all
- if rule_chain.startswith("ACL_INBOUND"):
+ if rule_chain.startswith("ACL_INBOUND") or rule_chain.startswith("ACL_OUTBOUND"):
rule_count = self.chain.get_count(rule_chain)
cpy = cpy.replace("-A %s" % new_rule.get_chain(), '-I %s %s' % (new_rule.get_chain(), rule_count))
else:
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
rhtyd commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-344525090
LGTM
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
blueorangutan commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-344524902
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
rhtyd commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-344524667
@blueorangutan package
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
blueorangutan commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-343488530
@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
rhtyd commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-343488265
@blueorangutan test
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
resmo commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-343399473
Related https://issues.apache.org/jira/browse/CLOUDSTACK-10043 we are verifying
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
blueorangutan commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-343212053
Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1234
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
blueorangutan commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-343199858
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
rhtyd commented on issue #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313#issuecomment-343199651
LGTM, pending testing.
@blueorangutan package
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
yvsubhash opened a new pull request #2313: CLOUDSTACK-10135 ACL rules order is not maintained for ACL_OUTBOUND i…
URL: https://github.com/apache/cloudstack/pull/2313
…n VPC VR
Repro steps
1.Create a vpc with super cidr(172.16.0.0/16)
2. created a custom acl with at least 3 ACL_OUTBOUND rules with number oder like 15, 10, 20
3. Create a tier with the above ACL
4.Deploy an instance in the tier
5.In router the ACL rules wont be as per the sequence number order
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
PR accepted