[GitHub] [cloudstack] weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr
weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr URL: https://github.com/apache/cloudstack/pull/3678#issuecomment-554617343 @rhtyd @DaanHoogland can you please review it ? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr
weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr URL: https://github.com/apache/cloudstack/pull/3678#issuecomment-553313753 @andrijapanicsb nice. maybe we can take dccp/sctp into consideration afterwards. They are not in use on our platforms. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr
weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr URL: https://github.com/apache/cloudstack/pull/3678#issuecomment-553306941 @andrijapanicsb I have tested in a virtual router, it gives the same result, only tcp/udp/dccp/sctp support dport. ``` root@r-597-VM:~# for i in `seq 0 142`;do iptables -I ACL_INBOUND_eth2 -p $i --dport 1000 -j ACCEPT >/dev/null 2>&1;if [ "$?" == "0" ];then echo $i;fi;done 6 17 33 132 ``` https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr
weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr URL: https://github.com/apache/cloudstack/pull/3678#issuecomment-553297873 @andrijapanicsb thanks for testing ! dport is not supported by some protocols , for example ah/esp/gre (50/51/47) According to iptables document (https://linux.die.net/man/8/iptables) , dport is supported by some other protocols besides tcp/udp , for example dccp, sctp. The protocols are rarely used. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack] weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr
weizhouapache commented on issue #3678: vpc: fix acl rule with protocol number is not applied correctly in vpc vr URL: https://github.com/apache/cloudstack/pull/3678#issuecomment-553133429 @blueorangutan test This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
