An iptables restart loads the default configuration from the config file
(/etc/sysconfig/iptables).
In this case other configuration will be lost. If you want to reset the
iptables config, use restart.

CloudStack is not controlling the iptables restart. The user is not supposed
to touch the CloudStack-configured iptables rules.

I think you can also change the restart logic to save and reapply the config
instead of the default.
It is better to use iptables-save, iptables stop, iptables start and
iptables-reload.

Thanks,
Jayapal
> -----Original Message-----
> From: Nils Vogels [mailto:bacardic...@gmail.com]
> Sent: Wednesday, 26 June 2013 3:50 PM
> To: users@cloudstack.apache.org
> Subject: Re: Re:RE: Is this a bug?
> 
> One could argue that the CloudPortal should do this, since the host is under
> the reign of CloudPortal ... ;)
> 
> 
> On Wed, Jun 26, 2013 at 12:18 PM, Jayapal Reddy Uradi <
> jayapalreddy.ur...@citrix.com> wrote:
> 
> > Restart iptables logic is specific to host iptables.
> > You can save (iptables-save)  and restore (iptables-restore) to avoid
> > config loss.
> >
> > Thanks,
> > Jayapal
> >
> > > -----Original Message-----
> > > From: WXR [mailto:474745...@qq.com]
> > > Sent: Wednesday, 26 June 2013 12:57 PM
> > > To: users
> > > Subject: Re:RE: Is this a bug?
> > >
> > > > Why will the rule set be lost after restarting iptables? What can I
> > > > do to avoid it?
> > >
> > >
> > >
> > >
> > > ------------------ Original ------------------
> > > From:  "Jayapal Reddy Uradi"<jayapalreddy.ur...@citrix.com>;
> > > Date:  Wed, Jun 26, 2013 12:34 PM
> > > To:  "users"<users@cloudstack.apache.org>;
> > >
> > > Subject:  RE: Is this a bug?
> > >
> > >
> > >
> > > Hi,
> > >
> > > It is not a bug.
> > > I think it is working as expected.
> > > Please find my inline comments.
> > >
> > > Thanks,
> > > Jayapal
> > >
> > > > -----Original Message-----
> > > > From: WXR [mailto:474745...@qq.com]
> > > > Sent: Wednesday, 26 June 2013 7:16 AM
> > > > To: users
> > > > Subject: Is this a bug?
> > > >
> > > > cloudstack version:  4.1
> > > >
> > > > network type:  basic zone and basic network
> > > >
> > > > security group setting:
> > > > Protocol    Start Port    End Port    CIDR
> > > > TCP        1        65535        0.0.0.0/0
> > > > UDP        1        65535        0.0.0.0/0
> > > > ICMP        -1        -1        0.0.0.0/0
> > > >
> > > > VM OS:  windows
> > > >
> > > > 1.I can ping the vm and connect to it by rdp.
> > > ICMP -1 -1 means allow icmp protocol all types and codes (255,255).
> > > RDP uses tcp 3399, tcp all ports are opened.
> > > So icmp and rdp are allowed to reach vm.
> > > > > 2. When I restart the iptables of the Host physical machine, I
> > > > > cannot ping the vm, but I can still connect to it by rdp.
> > > When you restart the iptables please make sure the cloudstack
> > > configured rules are set before checking the traffic.
> > > RDP is working because the connection is in established state.
> > >
> > > > > 3. When I delete the ICMP rule of security group and add the same
> > > > > rule again, I can ping the vm.
> > > > When you restart iptables rules, I think the icmp rule set by
> > > > cloudstack is lost.
> > > > When you reconfigure, the icmp rule is configured on the Host and
> > > > traffic to the vm is allowed.
> > >
> > >
> > > .
> >
> 
> 
> 
> --
> Simple guidelines to happiness:
> Work like you don't need the money,
> Love like your heart has never been broken and Dance like no one can see
> you.
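
The rule loss discussed in this thread can be confirmed by comparing `iptables-save` output taken before and after the restart. The script below is an added example, not part of the thread or of CloudStack; the chain name `vm-example` and both dumps are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): list rules that an iptables restart dropped.
# On a real host the two inputs would be `iptables-save` dumps taken before and
# after the restart; the dumps written below are constructed samples.

# Print every chain/rule found in dump $1 (before) but missing from dump $2 (after).
# Packet/byte counters are stripped so they do not cause false differences.
lost_rules() {
  awk '
    FNR == 1 { table = "" }
    /^#/ || /^COMMIT/ || /^[ \t]*$/ { next }
    /^\*/ { table = substr($0, 2); next }      # "*filter" starts a table
    {
      sub(/^\[[0-9]+:[0-9]+\] /, "")            # rule counters (iptables-save -c)
      sub(/ \[[0-9]+:[0-9]+\]$/, "")            # chain policy counters
      key = table " " $0
      if (FILENAME == ARGV[1]) kept[key] = 1    # first file read is the "after" dump
      else if (!(key in kept)) print key
    }
  ' "$2" "$1"
}

# Write the constructed before/after dumps into directory $1.
write_samples() {
  cat > "$1/before.rules" <<'EOF'
# constructed sample: host rules plus a security-group style chain
*filter
:INPUT ACCEPT [10:840]
:FORWARD ACCEPT [0:0]
:vm-example - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j vm-example
-A vm-example -p icmp -m icmp --icmp-type any -j ACCEPT
-A vm-example -p tcp -m tcp --dport 1:65535 -m state --state NEW -j ACCEPT
COMMIT
EOF
  cat > "$1/after.rules" <<'EOF'
# constructed sample: only the defaults from the config file survived
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
lost_rules "$demo_dir/before.rules" "$demo_dir/after.rules"
rm -rf "$demo_dir"
```

If the comparison prints anything, feeding the "before" dump to `iptables-restore` re-applies the missing rules, as suggested in the thread.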
