I see VR ingress traffic is blocked by default from the iptables mangle table.
But on the guest interface all the traffic is accepted.
Also, the egress firewall rule will break because of the FORWARD policy.

Thanks,
Jayapal

On 30-Jul-2015, at 12:53 PM, Jayapal Reddy Uradi 
<jayapalreddy.ur...@citrix.com> wrote:

> 
> It is a security concern on the VR. All the ingress traffic onto the VR is 
> accepted.
> Let it be a blocker.
> 
> Thanks,
> Jayapal
> 
> On 30-Jul-2015, at 12:28 PM, Daan Hoogland <daan.hoogl...@gmail.com>
> wrote:
> 
>> I changed it to critical. It is only a blocker if we agree on this
>> list that it is.
>> 
>> On Thu, Jul 30, 2015 at 6:44 AM, Sanjeev N <sanj...@apache.org> wrote:
>>> Hi,
>>> 
>>> In the latest ACS builds, the iptables rules in the VR have ACCEPT as the default
>>> policy in the INPUT and FORWARD chains, instead of DROP.
>>> 
>>> Created a blocker bug for this issue
>>> https://issues.apache.org/jira/browse/CLOUDSTACK-8688
>>> 
>>> Can somebody please fix it?
>>> 
>>> Thanks,
>>> Sanjeev
>> 
>> 
>> 
>> -- 
>> Daan
> 

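Added example, not part of the original thread or of CloudStack's own code: a check for the condition reported above, which reads `iptables-save` output and flags filter-table INPUT and FORWARD chains whose default policy is not DROP. The function and sample names are hypothetical, and both rule sets are constructed samples rather than dumps from a real VR.

```shell
#!/bin/sh
# audit_default_policies (hypothetical name): reads iptables-save output on
# stdin and reports filter-table INPUT/FORWARD chains whose policy is not DROP.
# Returns 1 if any such chain is found, 0 otherwise.
audit_default_policies() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # table header, e.g. "*filter"
        # Built-in chain declarations look like ":INPUT ACCEPT [0:0]".
        table == "filter" && /^:(INPUT|FORWARD) / {
            if ($2 != "DROP") {
                printf "%s policy is %s, expected DROP\n", substr($1, 2), $2
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the state reported in the thread (ACCEPT on INPUT and
# FORWARD). The mangle table is included to show it is not flagged.
sample_acs_bug() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: the expected state (DROP on INPUT and FORWARD).
sample_fixed() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_acs_bug | audit_default_policies || echo "default-policy check failed"
```

On a router the same function can be fed live state with `iptables-save | audit_default_policies`, and its exit status used as a build or health-check gate.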