Re: Review Request 12934: Tests for egress firewall rules for advance zone

Jayapal Reddy Mon, 29 Jul 2013 05:33:34 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/12934/#review24101
-----------------------------------------------------------




test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47940>

    I think you are not clear with the default egress policy. 
    
     - egress policy true
       All the guest network traffic to public n/w is allowed by default. 
Adding egress rule blocks only the rule specific traffic.
       
    -egress policy false
        By default guest network traffic to public n/w is block. if you add 
egress rule  then only egress rule specific traffic is allowed.
    
    When egress policy is true, by default the guest network traffic is allow.
    
    public network should be reachable



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47942>

    here ping google.com should success.



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47941>

    Please update all the comments in this file, network offering with egress 
policy .
    # deploy vm with network offering egress policy true 



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47944>

    Please understand the basics and update the test cases.
    
    ping should be blocked. 100% packet loss



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47945>

    mention the network offering with egress policy=false



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47946>

    Here ping is success. 
    I did not get why 100% packet loss ?



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47948>

    In egress CIDR is not destination/public CIDR.
    CIDR is guest network/source CIDR.
    
    Please change the comments



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47949>

    if 10.2.2.2 exists then ping will be success. 
    
    You test case should be like.
    give CIDR 10.1.1.120/32 and try to access wget from the vm 10.1.1.100. Then 
ping should fail from the 10.1.1.100 and pass from the vm with ip 10.1.1.120



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47950>

    The purpose of the test is not correct.
    
    The CIDR is source cidr, so testing public network is not needed.



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47951>

    
    wget will be success.Why we get failed here ?



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47953>

    here egress default policy is true. 
    created egress rule for icmp , the icmp traffic is BLOCKED and other 
traffic is allowed.
    
    



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47954>

    connection to public should be allowed



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47952>

    do we need second vm here ?



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47955>

    here ping should fail here



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47956>

    ping should success here



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47957>

    Here you are passing valid CIDR.
    The comment should be updated to 
    'create egress rule with other than guest cidr'



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47958>

    remove this comment



test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47959>

    Remove this comment


- Jayapal Reddy


On July 29, 2013, 4:57 a.m., Ashutosh Kelkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/12934/
> -----------------------------------------------------------
> 
> (Updated July 29, 2013, 4:57 a.m.)
> 
> 
> Review request for cloudstack, Girish Shilamkar, Jayapal Reddy, and Prasanna 
> Santhanam.
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> -------
> 
> Tests for egress firewall rules for advance zone.
> 
> 
> Diffs
> -----
> 
>   test/integration/component/test_egress_fw_rules.py PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/12934/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Ashutosh Kelkar
> 
>

Re: Review Request 12934: Tests for egress firewall rules for advance zone

Reply via email to