[ https://issues.apache.org/jira/browse/CLOUDSTACK-2819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
manasaveloori reopened CLOUDSTACK-2819:
---------------------------------------

While applying the empty ACL list, I observed the following messages in the log.

2013-06-24 20:46:40,290 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-26:job-23) New network ACL is empty. Revoke existing rules before applying ACL
2013-06-24 20:46:40,295 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-26:job-23) Found no network ACL Items for network id=206
2013-06-24 20:46:40,300 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-26:job-23) Updated network: 206 with Network ACL Id: 3, Applying ACL items
2013-06-24 20:46:40,310 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-26:job-23) Applying NetworkACL for network: 206 with Network ACL service provider
2013-06-24 20:46:40,320 DEBUG [network.element.VpcVirtualRouterElement] (Job-Executor-26:job-23) Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network 206.

But the empty list is getting updated for the tier network:

************ 7. row ***************************
                 id: 206
               name: tier1
               uuid: 4e24f0bf-bbad-40d0-9241-c7674d8da493
       display_text: tier1
       traffic_type: Guest
broadcast_domain_type: Vlan
      broadcast_uri: NULL
            gateway: 10.0.1.1
               cidr: 10.0.1.0/24
               mode: Dhcp
network_offering_id: 11
physical_network_id: 200
     data_center_id: 1
          guru_name: ExternalGuestNetworkGuru
              state: Allocated
            related: 206
          domain_id: 1
         account_id: 2
               dns1: NULL
               dns2: NULL
          guru_data: NULL
         set_fields: 0
           acl_type: Account
     network_domain: cs2cloud.internal
     reservation_id: NULL
         guest_type: Isolated
   restart_required: 0
            created: 2013-06-24 14:26:01
            removed: NULL
  specify_ip_ranges: 0
             vpc_id: 1
        ip6_gateway: NULL
           ip6_cidr: NULL
       network_cidr: NULL
    display_network: 1
     network_acl_id: 3 ---------------------- Empty ACL list
7 rows in set (0.00 sec)

> [VPC][ACL]VPC tier accepting empty ACL list.
> --------------------------------------------
>
>                 Key: CLOUDSTACK-2819
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2819
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: manasaveloori
>            Assignee: Kishan Kavala
>             Fix For: 4.2.0
>
>
> Steps:
> 1. Have a CS with advanced zone.
> 2. Create a VPC and a tier.
> 3. Create an ACL list under network ACL lists. Leave the ACL list empty.
> 4. Apply default_allow for tier network.
> 5. View the configuration in VR (iptables -L -nv -t mangle).
> 6. Now replace the ACL list for the tier with the one created in step 3.
> 7. Now the configuration in VR does not change.
> Follow the steps 4 to 7 with default_deny. The same can be observed.
> Expected behavior:
> Should not allow the user to apply the empty ACL list to network.
> network_acl_id is changing as we replace the ACL list under networks table.
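
An added example, not part of the original report and not CloudStack code: a Python check that scans management-server log lines for the sequence in the comment above (a job logs "New network ACL is empty" and then "Updated network: N with Network ACL Id: M") and lists the tiers that ended up pointing at an empty ACL. The job-23 lines are copied from the report; the job-24 line is constructed to show a normal ACL replacement that is not flagged.

```python
import re

# Layout taken from the excerpt in the report:
# "<date> <time> <LEVEL> [<logger>] (<executor>:<job>) <message>"
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+)\s+\[(?P<logger>[^\]]+)\] "
    r"\((?P<executor>[^:()]+):(?P<job>[^)]+)\) (?P<msg>.*)$"
)
EMPTY = "New network ACL is empty"
UPDATED = re.compile(r"Updated network: (\d+) with Network ACL Id: (\d+)")

SAMPLE_LOG = """\
2013-06-24 20:46:40,290 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-26:job-23) New network ACL is empty. Revoke existing rules before applying ACL
2013-06-24 20:46:40,295 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-26:job-23) Found no network ACL Items for network id=206
2013-06-24 20:46:40,300 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-26:job-23) Updated network: 206 with Network ACL Id: 3, Applying ACL items
2013-06-24 20:46:40,320 DEBUG [network.element.VpcVirtualRouterElement] (Job-Executor-26:job-23) Virtual router elemnt doesn't need to apply firewall rules on the backend; virtual router doesn't exist in the network 206.
2013-06-24 20:47:02,100 DEBUG [network.vpc.NetworkACLManagerImpl] (Job-Executor-27:job-24) Updated network: 207 with Network ACL Id: 4, Applying ACL items
"""  # last line is constructed (network 207, ACL 4, job-24)

def find_empty_acl_assignments(lines):
    """Return (timestamp, job, network_id, acl_id) for each tier a job
    updated after the same job logged that the new ACL was empty."""
    empty_jobs = set()   # jobs that have logged the "empty ACL" message
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m["logger"] != "network.vpc.NetworkACLManagerImpl":
            continue     # unparseable line or a different component
        job, msg = m["job"], m["msg"]
        if msg.startswith(EMPTY):
            empty_jobs.add(job)
            continue
        upd = UPDATED.search(msg)
        if upd:
            if job in empty_jobs:
                findings.append((m["ts"], job, int(upd[1]), int(upd[2])))
            empty_jobs.discard(job)  # correlation ends at the update line
    return findings

if __name__ == "__main__":
    for ts, job, net, acl in find_empty_acl_assignments(SAMPLE_LOG.splitlines()):
        print(f"{ts} {job}: network {net} now references empty ACL {acl}")
```

Each network id it reports can be cross-checked against the network_acl_id column of the networks table, as in the row shown in the comment.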