lsgalves opened a new issue, #8729:
URL: https://github.com/apache/cloudstack/issues/8729

   ##### ISSUE TYPE
    * Bug Report
   
   ##### COMPONENT NAME
   ~~~
   VR
   ~~~
   
   ##### CLOUDSTACK VERSION
   ~~~
   4.19.0
   ~~~
   
   ##### CONFIGURATION
   
   ##### OS / ENVIRONMENT
   
   ##### SUMMARY
   When having a VPC without associated vms, there are no firewall rules 
defined (iptables). And that's a problem because it leaves the vrouter 
vulnerable to receiving a packet on port 35999, and if that happens, HAProxy 
will start logging in a loop until it fills the vrouter's disk.
   
   ##### STEPS TO REPRODUCE
   Create a new VPC with default VPC network offering
   Send a packet to port 35999 of the VPC vrouter public IP. Example: `telnet <public-ip> 35999`
   Connect to the vrouter shell and check `/var/log/haproxy.log`
   
   ##### EXPECTED RESULTS
   That applies the iptables rules even when there are no vms associated with 
the VPC, or that there is no virtual router running if there are no vms 
associated with the VPC (just as it is in isolated networks).
   
   ##### ACTUAL RESULTS
   Virtual router running in a VPC even when there are no vms associated with 
it and its network offering is not as persistent and without defined firewall 
rules.

