Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-9480

Egress Firewall: Incorrect use of Allow/Deny for ICMP

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 4.6.2, 4.7.1, 4.8.0, 4.9.0
    • 4.10.0.0, 4.9.1.0, 4.8.2.0
    • Network Controller
    • Security Level: Public (Anyone can view this level - this is the default.)
    • None

    Description

      When 'default egress policy' is set to 'allow' in the network offering, any egress rule that is added will 'deny' the traffic overriding the default behaviour.

      Conversely, when 'default egress policy' is set to 'deny' in the network offering, any egress rule that is added will 'allow' the traffic overriding the default behaviour.

      While this works for 'tcp', 'udp' as expected, for 'icmp' protocol its always set to ALLOW.

      Egress firewall rule behaviour should be consistent for all the protocols.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CLOUDSTACK-9519 test_01_RVR_Network_FW_PF_SSH_default_routes_egress_true Smoke Test Failure

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link GitHub Pull Request #1666

          Activity

            People

              murali.reddy Murali Reddy
              murali.reddy Murali Reddy
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: