One could argue that the CloudPortal should do this, since the host is under the reign of CloudPortal ... ;)
On Wed, Jun 26, 2013 at 12:18 PM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:

> Restart iptables logic is specific to host iptables.
> You can save (iptables-save) and restore (iptables-restore) to avoid config loss.
>
> Thanks,
> Jayapal
>
> > -----Original Message-----
> > From: WXR [mailto:474745...@qq.com]
> > Sent: Wednesday, 26 June 2013 12:57 PM
> > To: users
> > Subject: Re:RE: Is this a bug?
> >
> > Why the rule set will lost after iptables restarting? How can I do to avoid it?
> >
> > ------------------ Original ------------------
> > From: "Jayapal Reddy Uradi"<jayapalreddy.ur...@citrix.com>;
> > Date: Wed, Jun 26, 2013 12:34 PM
> > To: "users"<users@cloudstack.apache.org>;
> > Subject: RE: Is this a bug?
> >
> > Hi,
> >
> > It is not a bug.
> > I think it is working as expected.
> > Please find my inline comments.
> >
> > Thanks,
> > Jayapal
> >
> > > -----Original Message-----
> > > From: WXR [mailto:474745...@qq.com]
> > > Sent: Wednesday, 26 June 2013 7:16 AM
> > > To: users
> > > Subject: Is this a bug?
> > >
> > > cloudstack version: 4.1
> > >
> > > network type: basic zone and basic network
> > >
> > > security group setting:
> > > Protocol  Start Port  End Port  CIDR
> > > TCP       1           65535     0.0.0.0/0
> > > UDP       1           65535     0.0.0.0/0
> > > ICMP      -1          -1        0.0.0.0/0
> > >
> > > VM OS: windows
> > >
> > > 1. I can ping the vm and connect to it by rdp.
> > ICMP -1 -1 means allow icmp protocol all types and codes (255,255).
> > RDP uses tcp 3399, tcp all ports are opened.
> > So icmp and rdp are allowed to reach vm.
> > > 2. When I restart the iptables of the Host physical machine, I can not
> > > ping the vm, but I can still connect to it by rdp.
> > When you restart the iptables please make sure the cloudstack configured
> > rules are set before checking the traffic.
> > RDP is working because the connection is in established state.
> > > 3. When I delete the ICMP rule of security group and add the same rule
> > > again, I can ping the vm.
> > When you restart iptables rules, I think the icmp rule set by cloudstack is lost.
> > When you reconfigure the icmp rules on the Host is configured and traffic to
> > the vm is allowed.

--
Simple guidelines to happiness:
Work like you don't need the money,
Love like your heart has never been broken and
Dance like no one can see you.
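
The thread's advice is to snapshot the host rules with iptables-save so they can be put back with iptables-restore. As an added example (not from the thread or from CloudStack), the script below compares two such dumps and lists the rules a restart dropped; the dumps and the chain name `vm-example` are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report rules that are in one iptables-save dump but not another.
# Assumes dumps taken without -c, so rule lines start with "-A".

# lost_rules BEFORE AFTER: print "<table> <rule>" for each rule missing from AFTER.
lost_rules() {
    awk -v after="$2" '
        /^\*/ { table = substr($0, 2) }          # "*filter" starts a table
        /^-A / {
            key = table " " $0                   # same rule in two tables differs
            if (FILENAME == after) seen[key] = 1
            else before[++n] = key
        }
        END { for (i = 1; i <= n; i++) if (!(before[i] in seen)) print before[i] }
    ' "$2" "$1"
}

# Constructed sample dumps (hypothetical chain name, not CloudStack's real layout).
sample_before() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:vm-example - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j vm-example
-A vm-example -p tcp -m tcp --dport 1:65535 -j ACCEPT
-A vm-example -p udp -m udp --dport 1:65535 -j ACCEPT
-A vm-example -p icmp -j ACCEPT
COMMIT
EOF
}
sample_after() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Write both samples to a scratch directory and print what the restart dropped.
demo() {
    dir=$(mktemp -d)
    sample_before > "$dir/before.rules"
    sample_after > "$dir/after.rules"
    lost_rules "$dir/before.rules" "$dir/after.rules"
    rm -rf "$dir"
}
demo
```

On a real host the two inputs would be files written by iptables-save before and after the restart, and the "before" file is the one to feed to iptables-restore. In the sample, the surviving ESTABLISHED rule is why an already-open session keeps working while new ICMP traffic is dropped.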