> On July 26, 2013, 12:28 p.m., Jayapal Reddy wrote:
> > test/integration/component/test_egress_fw_rules.py, line 370
> > <https://reviews.apache.org/r/12934/diff/2/?file=328044#file328044line370>
> >
> >     Please add network offering details also here.
> >     
> >     #1. deploy VM using network offering with egress policy true

Done.


> On July 26, 2013, 12:28 p.m., Jayapal Reddy wrote:
> > test/integration/component/test_egress_fw_rules.py, line 373
> > <https://reviews.apache.org/r/12934/diff/2/?file=328044#file328044line373>
> >
> >     Created network offering with egress policy True. That means by default 
> > all the guest traffic is allowed. If you create egress rules (ex: icmp) 
> > then the icmp traffic is blocked.
> >     
> >     So #4. Public Network should be reachable from the VM

Done.


> On July 26, 2013, 12:28 p.m., Jayapal Reddy wrote:
> > test/integration/component/test_egress_fw_rules.py, line 390
> > <https://reviews.apache.org/r/12934/diff/2/?file=328044#file328044line390>
> >
> >     I have gone through your test cases. I think you are a bit confused about the 
> > egress default policy and rules.
> >     
> >     Please update your test cases and test case comments as per below.
> >     
> >     1. Network offering with egress_policy = true.
> >       - By default guest network traffic is allowed.
> >       - Egress rule traffic will be blocked and other traffic is allowed. 
> > Ex: if you create an egress rule for icmp traffic, then all traffic except 
> > icmp is allowed.
> >     
> >        - Rules with DROP target added. 
> >          -A FW_EGRESS_RULES -p icmp -j DROP
> >     
> >     2. Network offering with egress_policy = false
> >        - By default the guest network traffic is blocked.
> >        - Egress rule traffic is allowed. If you create an egress rule with 
> > icmp protocol, then all traffic except icmp is blocked.
> >        - Rules added with target ACCEPT.
> >         -A FW_EGRESS_RULES -p icmp -j ACCEPT
> >     
> >     
> >     
> >     The CIDR in the egress rules is the guest network CIDR. The traffic is 
> > allowed/blocked for the guest network CIDR. The CIDR is not the 
> > Public/destination network CIDR.
> >     
> >     
> >

Added test scenario for guest network access check.


> On July 26, 2013, 12:28 p.m., Jayapal Reddy wrote:
> > test/integration/component/test_egress_fw_rules.py, line 426
> > <https://reviews.apache.org/r/12934/diff/2/?file=328044#file328044line426>
> >
> >     In egress the CIDR is source CIDR (guest network CIDR). If you don't 
> > mention the CIDR it will take the default guest network CIDR.
> >     
> >     Egress compares the source CIDR.
> >

Done, added test scenario for guest network access check.


- Ashutosh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/12934/#review23939
-----------------------------------------------------------


On July 29, 2013, 4:57 a.m., Ashutosh Kelkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/12934/
> -----------------------------------------------------------
> 
> (Updated July 29, 2013, 4:57 a.m.)
> 
> 
> Review request for cloudstack, Girish Shilamkar, Jayapal Reddy, and Prasanna 
> Santhanam.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> -------
> 
> Tests for egress firewall rules for advance zone.
> 
> 
> Diffs
> -----
> 
>   test/integration/component/test_egress_fw_rules.py PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/12934/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Ashutosh Kelkar
> 
>
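
The egress semantics described in the review comments above, written out as a small model that yields the verdict a test should assert for each default policy. This is an added example, not part of the thread and not CloudStack code; the function names and the guest CIDR 10.1.1.0/24 are assumptions made for illustration.

```python
import ipaddress

GUEST_CIDR = "10.1.1.0/24"  # constructed sample guest network, not from the thread


def render_rule(egress_policy, protocol):
    """Rule line in the form quoted in the review: the target is the opposite
    of the offering's default (True = default allow, so rules DROP)."""
    target = "DROP" if egress_policy else "ACCEPT"
    return f"-A FW_EGRESS_RULES -p {protocol} -j {target}"


def egress_allowed(egress_policy, rules, src_ip, protocol, guest_cidr=GUEST_CIDR):
    """Expected verdict for traffic leaving a guest VM.

    rules is a list of (protocol, source_cidr) pairs; a source_cidr of None
    falls back to the guest network CIDR, as the review describes.
    """
    src = ipaddress.ip_address(src_ip)
    for rule_proto, cidr in rules:
        if rule_proto == protocol and src in ipaddress.ip_network(cidr or guest_cidr):
            return not egress_policy  # a matching rule inverts the default
    return egress_policy  # no rule matched: the offering's default applies


def expectation_table(rules, src_ip, protocols=("icmp", "tcp")):
    """Verdicts a test should assert, keyed by (egress_policy, protocol)."""
    return {(policy, proto): egress_allowed(policy, rules, src_ip, proto)
            for policy in (True, False) for proto in protocols}


if __name__ == "__main__":
    rules = [("icmp", None)]  # one icmp rule, CIDR left at the guest default
    for policy in (True, False):
        print(policy, render_rule(policy, "icmp"))
    for key, allowed in expectation_table(rules, "10.1.1.5").items():
        print(key, "reachable" if allowed else "blocked")
```

A rule whose source CIDR does not cover the VM's address never matches, so the offering's default decides; that is the case the "guest network access check" scenarios have to cover.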
