On second thought, I wonder if a 'force reconnect' for the host restores the rules. That might be the way to restore them in an undocumented way.

On Wed, Jun 26, 2013 at 5:16 PM, Ahmad Emneina <aemne...@gmail.com> wrote:

> If you feel strongly about it, I'd file a feature enhancement for it. At
> least an api call that can restore the iptable rules. I'd also start a
> thread about it on dev and see if you can get people to upvote the ticket.
> I for one, would love to see that in cloudstack.
>
>
> On Wed, Jun 26, 2013 at 11:20 AM, Nils Vogels <bacardic...@gmail.com> wrote:
>
>> One could argue that the CloudPortal should do this, since the host is
>> under the reign of CloudPortal ... ;)
>>
>>
>> On Wed, Jun 26, 2013 at 12:18 PM, Jayapal Reddy Uradi <
>> jayapalreddy.ur...@citrix.com> wrote:
>>
>> > Restart iptables logic is specific to host iptables.
>> > You can save (iptables-save) and restore (iptables-restore) to avoid
>> > config loss.
>> >
>> > Thanks,
>> > Jayapal
>> >
>> > > -----Original Message-----
>> > > From: WXR [mailto:474745...@qq.com]
>> > > Sent: Wednesday, 26 June 2013 12:57 PM
>> > > To: users
>> > > Subject: Re:RE: Is this a bug?
>> > >
>> > > Why the rule set will lost after iptables restarting? How can I do to
>> > > avoid it?
>> > >
>> > >
>> > > ------------------ Original ------------------
>> > > From: "Jayapal Reddy Uradi"<jayapalreddy.ur...@citrix.com>;
>> > > Date: Wed, Jun 26, 2013 12:34 PM
>> > > To: "users"<users@cloudstack.apache.org>;
>> > >
>> > > Subject: RE: Is this a bug?
>> > >
>> > >
>> > > Hi,
>> > >
>> > > It is not a bug.
>> > > I think it is working as expected.
>> > > Please find my inline comments.
>> > >
>> > > Thanks,
>> > > Jayapal
>> > >
>> > > > -----Original Message-----
>> > > > From: WXR [mailto:474745...@qq.com]
>> > > > Sent: Wednesday, 26 June 2013 7:16 AM
>> > > > To: users
>> > > > Subject: Is this a bug?
>> > > >
>> > > > cloudstack version: 4.1
>> > > >
>> > > > network type: basic zone and basic network
>> > > >
>> > > > security group setting:
>> > > > Protocol   Start Port   End Port   CIDR
>> > > > TCP        1            65535      0.0.0.0/0
>> > > > UDP        1            65535      0.0.0.0/0
>> > > > ICMP       -1           -1         0.0.0.0/0
>> > > >
>> > > > VM OS: windows
>> > > >
>> > > > 1. I can ping the vm and connect to it by rdp.
>> > > ICMP -1 -1 means allow icmp protocol all types and codes (255,255).
>> > > RDP uses tcp 3399, tcp all ports are opened.
>> > > So icmp and rdp are allowed to reach vm.
>> > > > 2. When I restart the iptables of the Host physical machine, I can not
>> > > > ping the vm, but I can still connect to it by rdp.
>> > > When you restart the iptables please make sure the cloudstack configured
>> > > rules are set before checking the traffic.
>> > > RDP is working because the connection is in established state.
>> > >
>> > > > 3. When I delete the ICMP rule of security group and add the same rule
>> > > > again. I can ping the vm.
>> > > When you restart iptables rules, I think the icmp rule set by cloudstack
>> > > is lost.
>> > > When you reconfigure the icmp rules on the Host is configured and
>> > > traffic to the vm is allowed.
>> > >
>> >
>>
>>
>> --
>> Simple guidelines to happiness:
>> Work like you don't need the money,
>> Love like your heart has never been broken and
>> Dance like no one can see you.
>>
>
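
The iptables-save advice quoted above can also be used as a check: the following is an added example, not part of the original thread or of CloudStack, that compares a dump taken before the restart with one taken after it and lists what went missing. The helper names, the chain name SG-vm1 and both sample dumps are constructed for illustration.

```sh
#!/bin/sh
# On a host: iptables-save > before.rules, restart iptables,
# iptables-save > after.rules, then: missing_rules before.rules after.rules
# Prints each chain and rule found in BEFORE but absent from AFTER.
missing_rules() {
  awk '
    /^\*/ { table = substr($0, 2); next }          # "*filter" opens a table
    /^:/  { key = table " chain " substr($1, 2) }  # ":CHAIN POLICY [pkts:bytes]"
    /^-A/ { key = table " rule " $0 }              # "-A CHAIN ..." rule line
    !/^(:|-A)/ { next }                            # skip comments and COMMIT
    FILENAME == ARGV[1] { live[key] = 1; next }    # first file is the AFTER dump
    !(key in live) { print key }                   # second file is the BEFORE dump
  ' "$2" "$1"
}

# Constructed sample dumps (not taken from a real host).
write_samples() {
  cat > "$1/before.rules" <<'EOF'
# constructed sample: ruleset before the restart
*filter
:INPUT ACCEPT [120:9800]
:FORWARD DROP [0:0]
:SG-vm1 - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j SG-vm1
-A SG-vm1 -p icmp -m icmp --icmp-type any -j ACCEPT
-A SG-vm1 -p tcp -m tcp --dport 1:65535 -j ACCEPT
-A SG-vm1 -p udp -m udp --dport 1:65535 -j ACCEPT
COMMIT
EOF
  cat > "$1/after.rules" <<'EOF'
# constructed sample: ruleset after the restart
*filter
:INPUT ACCEPT [3:252]
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
missing_rules "$tmp/before.rules" "$tmp/after.rules"
rm -rf "$tmp"
```

In the constructed dumps the ESTABLISHED rule survives the restart while the per-VM chain and its ICMP rule do not, which matches the symptom in the thread: the open RDP session keeps working and ping stops.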