Restart iptables logic is specific to host iptables. You can save (iptables-save) and restore (iptables-restore) to avoid config loss.
Thanks,
Jayapal

> -----Original Message-----
> From: WXR [mailto:474745...@qq.com]
> Sent: Wednesday, 26 June 2013 12:57 PM
> To: users
> Subject: Re:RE: Is this a bug?
>
> Why the rule set will lost after iptables restarting? How can I do to avoid it?
>
>
> ------------------ Original ------------------
> From: "Jayapal Reddy Uradi"<jayapalreddy.ur...@citrix.com>;
> Date: Wed, Jun 26, 2013 12:34 PM
> To: "users"<users@cloudstack.apache.org>;
> Subject: RE: Is this a bug?
>
> Hi,
>
> It is not a bug.
> I think it is working as expected.
> Please find my inline comments.
>
> Thanks,
> Jayapal
>
> > -----Original Message-----
> > From: WXR [mailto:474745...@qq.com]
> > Sent: Wednesday, 26 June 2013 7:16 AM
> > To: users
> > Subject: Is this a bug?
> >
> > cloudstack version: 4.1
> >
> > network type: basic zone and basic network
> >
> > security group setting:
> > Protocol  Start Port  End Port  CIDR
> > TCP       1           65535     0.0.0.0/0
> > UDP       1           65535     0.0.0.0/0
> > ICMP      -1          -1        0.0.0.0/0
> >
> > VM OS: windows
> >
> > 1. I can ping the vm and connect to it by rdp.
> ICMP -1 -1 means allow icmp protocol all types and codes (255,255).
> RDP uses tcp 3399, tcp all ports are opened.
> So icmp and rdp are allowed to reach vm.
>
> > 2. When I restart the iptables of the Host physical machine, I can not
> > ping the vm, but I can still connect to it by rdp.
> When you restart the iptables please make sure the cloudstack configured
> rules are set before checking the traffic.
> RDP is working because the connection is in established state.
>
> > 3. When I delete the ICMP rule of security group and add the same rule
> > again, I can ping the vm.
> When you restart iptables rules, I think the icmp rule set by cloudstack is
> lost.
> When you reconfigure the icmp rules on the Host is configured and traffic to
> the vm is allowed.
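
One way to confirm which rules a restart dropped, as an added example that is not part of the original thread or CloudStack's own code: compare an `iptables-save` dump taken before the restart with one taken after it. The two dumps below are constructed, and the chain name `SG-EXAMPLE-VM` is a hypothetical stand-in for whatever chain the host actually uses.

```shell
#!/bin/sh
# Added example (not CloudStack code): list rules that existed before an
# iptables restart but are absent afterwards, from two iptables-save dumps.
LC_ALL=C; export LC_ALL

# Keep only rule lines ("-A ..."), dropping table headers, chain counters, COMMIT.
rules_only() { grep '^-A ' "$1" | sort -u; }

# lost_rules BEFORE AFTER: print rules present in BEFORE and missing from AFTER.
lost_rules() {
    b=$(mktemp); a=$(mktemp)
    rules_only "$1" > "$b"
    rules_only "$2" > "$a"
    comm -23 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample dumps; SG-EXAMPLE-VM is a hypothetical chain name.
write_samples() {
    cat > "$1/before.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:SG-EXAMPLE-VM - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j SG-EXAMPLE-VM
-A SG-EXAMPLE-VM -p tcp -m tcp --dport 1:65535 -m state --state NEW -j ACCEPT
-A SG-EXAMPLE-VM -p udp -m udp --dport 1:65535 -m state --state NEW -j ACCEPT
-A SG-EXAMPLE-VM -p icmp -m icmp --icmp-type any -j ACCEPT
-A SG-EXAMPLE-VM -j DROP
COMMIT
EOF
    # After the restart: the same dump without the ICMP rule (constructed).
    grep -v -- '-p icmp' "$1/before.rules" > "$1/after.rules"
}

tmp=$(mktemp -d)
write_samples "$tmp"
lost_rules "$tmp/before.rules" "$tmp/after.rules"
```

On a real host, replace the sample files with the output of `iptables-save` captured before and after the restart; any line the function prints is a rule that must be restored with `iptables-restore` or re-applied from the security group.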