It is security concern on the VR. All the ingress traffic onto the VR is accepted. Let it be blocker.
Thanks, Jayapal On 30-Jul-2015, at 12:28 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote: > I changed it to critical. It is only a blocker if we agree on this > list that it is. > > On Thu, Jul 30, 2015 at 6:44 AM, Sanjeev N <sanj...@apache.org> wrote: >> Hi, >> >> In latest ACS builds, the ip table rules in VR have ACCEPT as the default >> policy in INPUT and FORWARD chains, instead of DROP. >> >> Created a blocker bug for this issue >> https://issues.apache.org/jira/browse/CLOUDSTACK-8688 >> >> Can somebody please fix it? >> >> Thanks, >> Sanjeev > > > > -- > Daan