[ https://issues.apache.org/jira/browse/CLOUDSTACK-9404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15353179#comment-15353179 ]
ASF subversion and git services commented on CLOUDSTACK-9404: ------------------------------------------------------------- Commit 3952e3e83e29fb79fbc409b29255813bd77ee1ac in cloudstack's branch refs/heads/4.7 from [~williamstev...@gmail.com] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=3952e3e ] Merge pull request #1581 from pdube/network-acl-rules-order CLOUDSTACK-9404 Fixed ordering of network ACL rules being sent to the VR. The comparator was inverted. Issue: https://issues.apache.org/jira/browse/CLOUDSTACK-9404 In this example, I created rules with the port numbers the same as the rule numbers. Chain ACL_INBOUND_eth2 (1 references) target prot opt source destination ACCEPT all -- anywhere 225.0.0.50 ACCEPT all -- anywhere vrrp.mcast.net DROP tcp -- anywhere anywhere tcp dpt:netstat DROP tcp -- anywhere anywhere tcp dpt:10 DROP tcp -- anywhere anywhere tcp dpt:5 DROP tcp -- anywhere anywhere tcp dpt:3 DROP tcp -- anywhere anywhere tcp dpt:2 DROP all -- anywhere anywhere We can see above that the rules are inverted. After the fix: Chain ACL_INBOUND_eth2 (1 references) target prot opt source destination ACCEPT all -- anywhere 225.0.0.50 ACCEPT all -- anywhere vrrp.mcast.net DROP tcp -- anywhere anywhere tcp dpt:2 DROP tcp -- anywhere anywhere tcp dpt:3 DROP tcp -- anywhere anywhere tcp dpt:5 DROP tcp -- anywhere anywhere tcp dpt:10 DROP tcp -- anywhere anywhere tcp dpt:netstat DROP all -- anywhere anywhere * pr/1581: Added ASF license to unit test file Added unit test to verify ordering Fixed ordering of network ACL rules being sent to the VR. The comparator was inverted Signed-off-by: Will Stevens <williamstev...@gmail.com> > Network ACL rules in VPCs are applied in an inverted order > ---------------------------------------------------------- > > Key: CLOUDSTACK-9404 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9404 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.7.2, 4.8.0, 4.9.0 > Reporter: Patrick D. > Assignee: Patrick D. > > Found the issue in the agent code. The comparator is inverted -- This message was sent by Atlassian JIRA (v6.3.4#6332)