Jayapal Reddy created CLOUDSTACK-9702:
-----------------------------------------

             Summary: VR iptables configuration issues
                 Key: CLOUDSTACK-9702
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9702
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
            Reporter: Jayapal Reddy


1. If there is an exception in configure.py while adding the iptables rule, the error is not reported back to the API; the API response shows success.
- If there is a failure in delete (because the iptables rule is incorrectly framed), then this rule stays in the VR until the VR reboots.

a. In CsNetfilter.py: the __convert_to_dict() method is inefficient. With this method it is not possible to include an option if it is there multiple times.
b. The second thing is that it relies on the key-value pair of iptables option and value. It will not work for iptables.

Example rule for a and b:

    iptables -A FW_EGRESS_RULES -p tcp -m set --match-set sourceCidrIpset src -m set --match-set destCidrIpset dst -m tcp --dport 22 -j DROP

In the above example the -m option is present multiple times.
If we split key and value for the dictionary, then destCidrIpset ends up as a key, although it is a variable (not an iptables option).

With the existing code of CsNetfilter it will not frame the exact rule for the deletion.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
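
The key/value problem described in points a and b, shown on the rule from the report. This is an added example, not code from CsNetfilter.py or the CloudStack project; the function names are hypothetical, and it assumes every token starting with "-" (or a lone "!") is an option while anything else is an argument of the preceding option.

```python
import shlex

# Rule taken from the report above (without the leading "iptables").
RULE = ("-A FW_EGRESS_RULES -p tcp -m set --match-set sourceCidrIpset src "
        "-m set --match-set destCidrIpset dst -m tcp --dport 22 -j DROP")


def naive_pairs_to_dict(rule):
    """Pair tokens two at a time: the option/value assumption that breaks."""
    tokens = shlex.split(rule)
    return dict(zip(tokens[0::2], tokens[1::2]))


def parse_ordered(rule):
    """Return [(option, [args...]), ...], keeping order and repeated options."""
    parsed = []
    for tok in shlex.split(rule):
        if tok == "!" or tok.startswith("-"):
            parsed.append((tok, []))      # new option (or negation marker)
        elif parsed:
            parsed[-1][1].append(tok)     # argument of the previous option
        else:
            raise ValueError("rule must start with an option: %r" % tok)
    return parsed


def to_delete_argv(rule):
    """Build the argv that deletes exactly the rule that was added."""
    parsed = parse_ordered(rule)
    if (not parsed or not parsed[0][1]
            or parsed[0][0] not in ("-A", "--append", "-I", "--insert")):
        raise ValueError("expected an append/insert rule with a chain name")
    # Keep only the chain name: -I may carry a rule number, -D by spec does not.
    argv = ["-D", parsed[0][1][0]]
    for opt, args in parsed[1:]:
        argv.append(opt)
        argv.extend(args)
    return argv


if __name__ == "__main__":
    print(naive_pairs_to_dict(RULE))        # shows the lost/misplaced options
    print("iptables " + " ".join(to_delete_argv(RULE)))
```

Because the delete argv is rebuilt from the same ordered tokens, the rule specification matches what was added; a caller should still check the iptables exit status and report a failure back instead of returning success.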