-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/12934/#review24101
-----------------------------------------------------------


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47940>

    I think you are not clear about the default egress policy.
    - egress policy true
      All the guest network traffic to the public n/w is allowed by default. Adding an egress rule blocks only the rule-specific traffic.
    - egress policy false
      By default guest network traffic to the public n/w is blocked. If you add an egress rule then only egress rule-specific traffic is allowed.

    When egress policy is true, by default the guest network traffic is allowed. The public network should be reachable.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47942>

    Here ping google.com should succeed.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47941>

    Please update all the comments in this file, network offering with egress policy.
    # deploy vm with network offering egress policy true


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47944>

    Please understand the basics and update the test cases.
    Ping should be blocked. 100% packet loss


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47945>

    Mention the network offering with egress policy=false


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47946>

    Here ping is successful. I did not get why 100% packet loss?


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47948>

    In egress, CIDR is not destination/public CIDR. CIDR is guest network/source CIDR.
    Please change the comments.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47949>

    If 10.2.2.2 exists then ping will be successful.
    Your test case should be like: give CIDR 10.1.1.120/32 and try to access wget from the VM 10.1.1.100.
    Then ping should fail from the 10.1.1.100 and pass from the VM with IP 10.1.1.120


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47950>

    The purpose of the test is not correct. The CIDR is source CIDR, so testing public network is not needed.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47951>

    wget will be successful. Why do we get failed here?


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47953>

    Here egress default policy is true. Created egress rule for icmp, the icmp traffic is BLOCKED and other traffic is allowed.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47954>

    Connection to public should be allowed.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47952>

    Do we need a second VM here?


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47955>

    Ping should fail here.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47956>

    Ping should succeed here.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47957>

    Here you are passing a valid CIDR. The comment should be updated to 'create egress rule with other than guest cidr'


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47958>

    Remove this comment.


test/integration/component/test_egress_fw_rules.py
<https://reviews.apache.org/r/12934/#comment47959>

    Remove this comment.


- Jayapal Reddy


On July 29, 2013, 4:57 a.m., Ashutosh Kelkar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/12934/
> -----------------------------------------------------------
>
> (Updated July 29, 2013, 4:57 a.m.)
>
>
> Review request for cloudstack, Girish Shilamkar, Jayapal Reddy, and Prasanna Santhanam.
>
>
> Repository: cloudstack-git
>
>
> Description
> -------
>
> Tests for egress firewall rules for advance zone.
>
>
> Diffs
> -----
>
>   test/integration/component/test_egress_fw_rules.py PRE-CREATION
>
> Diff: https://reviews.apache.org/r/12934/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Ashutosh Kelkar
>
>
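
The egress semantics described in the review comments above, modelled as an added example (not code from the review request or from CloudStack). The names `EgressRule`, `egress_allowed` and `review_scenarios` are hypothetical, and the guest CIDR 10.1.1.0/24 is an assumption; the VM addresses are the ones the reviewer uses.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class EgressRule:
    protocol: str     # "icmp", "tcp", "udp" or "all"
    source_cidr: str  # guest-network (source) CIDR, never the public destination


def rule_matches(rule, src_ip, protocol):
    """True when the guest VM's address and the protocol both fall under the rule."""
    net = ipaddress.ip_network(rule.source_cidr, strict=False)
    return ipaddress.ip_address(src_ip) in net and rule.protocol in ("all", protocol)


def egress_allowed(default_allow, rules, src_ip, protocol):
    """default_allow=True: traffic passes unless a rule matches (the rule blocks).
    default_allow=False: traffic is dropped unless a rule matches (the rule allows)."""
    matched = any(rule_matches(r, src_ip, protocol) for r in rules)
    return default_allow != matched


def review_scenarios():
    """Expected outcomes for the cases raised in the review (constructed inputs)."""
    icmp_rule = [EgressRule("icmp", "10.1.1.0/24")]     # assumed guest CIDR
    one_vm_rule = [EgressRule("all", "10.1.1.120/32")]  # source CIDR from the review
    return {
        "policy true, no rule, ping": egress_allowed(True, [], "10.1.1.100", "icmp"),
        "policy true, icmp rule, ping": egress_allowed(True, icmp_rule, "10.1.1.100", "icmp"),
        "policy true, icmp rule, wget": egress_allowed(True, icmp_rule, "10.1.1.100", "tcp"),
        "policy false, no rule, ping": egress_allowed(False, [], "10.1.1.100", "icmp"),
        "policy false, /32 rule, from .100": egress_allowed(False, one_vm_rule, "10.1.1.100", "tcp"),
        "policy false, /32 rule, from .120": egress_allowed(False, one_vm_rule, "10.1.1.120", "tcp"),
    }


if __name__ == "__main__":
    for name, allowed in review_scenarios().items():
        print(f"{name:36} {'allowed' if allowed else 'blocked'}")
```

A test suite for egress rules can assert against a table like this one, so that each ping or wget check states which default policy and which source CIDR it is exercising.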