[ https://issues.apache.org/jira/browse/CLOUDSTACK-9404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15331245#comment-15331245 ]
ASF GitHub Bot commented on CLOUDSTACK-9404: -------------------------------------------- Github user kishankavala commented on the issue: https://github.com/apache/cloudstack/pull/1581 @pdube though the fix looks good, the root of the issue is different. Earlier when bash scripts were used to configure rules on VR, iptable rules for ACLs were inserted (-I option). This changed to add (-A option) after VR refactor, resulting in rules being applied in the reverse order. > Network ACL rules in VPCs are applied in an inverted order > ---------------------------------------------------------- > > Key: CLOUDSTACK-9404 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9404 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.7.2, 4.8.0, 4.9.0 > Reporter: Patrick D. > Assignee: Patrick D. > > Found the issue in the agent code. The comparator is inverted -- This message was sent by Atlassian JIRA (v6.3.4#6332)