Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
4.2.0
-
Security Level: Public (Anyone can view this level - this is the default.)
-
None
Description
Currently, if XenServer is switching to bridge mode, CloudStack would automatically enable security group(apply all kinds of security group rules e.g. iptables and ebtables on it). But at the time, it wouldn't check if the zone is security group enabled or not.
If user want to use bridge mode with isolated network(RvR especially), it would have trouble because security group rules would prevent broadcast from working.
We need to stop applying security group rules if it's not security group enabled zone.