weizhouapache commented on PR #8787: URL: https://github.com/apache/cloudstack/pull/8787#issuecomment-2000326676
> @weizhouapache does this still need work? Also, could you share your test results?

Here are the iptables rules of a VPC VR without any tier in my testing:

```
root@r-1277-VM:~# iptables-save
# Generated by iptables-save v1.8.9 (nf_tables) on Fri Mar 15 19:30:53 2024
*mangle
:PREROUTING ACCEPT [474:70400]
:INPUT ACCEPT [473:70360]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [458:70506]
:POSTROUTING ACCEPT [458:70506]
-A OUTPUT -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Mar 15 19:30:53 2024
# Generated by iptables-save v1.8.9 (nf_tables) on Fri Mar 15 19:30:53 2024
*filter
:INPUT DROP [7:1099]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [458:70506]
:FW_EGRESS_RULES - [0:0]
-A INPUT -d 224.0.0.18/32 -j ACCEPT
-A INPUT -d 225.0.0.50/32 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Mar 15 19:30:53 2024
# Generated by iptables-save v1.8.9 (nf_tables) on Fri Mar 15 19:30:53 2024
*nat
:PREROUTING ACCEPT [30:2675]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [51:4079]
:POSTROUTING ACCEPT [51:4079]
COMMIT
# Completed on Fri Mar 15 19:30:53 2024
```

which is the same as https://github.com/apache/cloudstack/blob/7b02c4cc482a97fe5efcf243a20f04769109e056/systemvm/debian/etc/iptables/iptables-vpcrouter#L18-L42

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
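One way to check a "same as the baseline" claim like the one in the comment above mechanically, as an added example that is not part of the original comment or the CloudStack code base: normalize two `iptables-save` dumps by dropping timestamp comments and packet/byte counters, then compare them. The names `normalize`, `diff`, `BASELINE` and `DRIFTED` are hypothetical, and the baseline is constructed from the posted output rather than copied from the project's rules file.

```python
import re

COUNTERS = re.compile(r"\s*\[\d+:\d+\]")  # [packets:bytes], differs on every run

def normalize(dump):
    """Parse iptables-save text into {table: {"chains": {...}, "rules": [...]}}."""
    tables, current = {}, None
    for line in map(str.strip, dump.splitlines()):
        if not line or line.startswith("#"):   # blank lines and timestamp comments
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif line == "COMMIT":
            current = None
        elif current is None:
            raise ValueError(f"line outside a table: {line!r}")
        elif line.startswith(":"):              # ":CHAIN POLICY [pkts:bytes]"
            name, policy = COUNTERS.sub("", line[1:]).split()[:2]
            current["chains"][name] = policy
        else:                                   # rule, maybe with a counter prefix (-c)
            current["rules"].append(re.sub(r"^\[\d+:\d+\]\s*", "", line))
    return tables

def diff(baseline, live):
    """List differences between two dumps, ignoring counters and comments."""
    want, have, out = normalize(baseline), normalize(live), []
    empty = {"chains": {}, "rules": []}
    for table in sorted(set(want) | set(have)):
        bt, lt = want.get(table, empty), have.get(table, empty)
        for chain in sorted(set(bt["chains"]) | set(lt["chains"])):
            old, new = bt["chains"].get(chain), lt["chains"].get(chain)
            if old != new:
                out.append(f"{table}: chain {chain} policy {old} -> {new}")
        missing = [r for r in bt["rules"] if r not in lt["rules"]]
        extra = [r for r in lt["rules"] if r not in bt["rules"]]
        out += [f"{table}: missing {r}" for r in missing]
        out += [f"{table}: extra {r}" for r in extra]
        if not (missing or extra) and bt["rules"] != lt["rules"]:
            out.append(f"{table}: rule order or count differs")
    return out

# Excerpt of the filter table posted in the comment above.
LIVE = """*filter
:INPUT DROP [7:1099]
-A INPUT -i eth0 -p tcp -m tcp --dport 3922 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT"""
# Constructed stand-ins, not the project's rules file: zeroed counters, a drifted copy.
BASELINE = re.sub(r"\[\d+:\d+\]", "[0:0]", LIVE)
DRIFTED = LIVE.replace(":INPUT DROP", ":INPUT ACCEPT").replace("-i eth0 -p tcp", "-p tcp")
```

`diff(BASELINE, LIVE)` returns an empty list because only the counters differ, while `diff(BASELINE, DRIFTED)` reports the changed INPUT policy and the rule that lost its interface match.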
