Have you logged on to the related virtual router and checked if the
declared firewall rules are visible?

With regards
Thomas Joseph

On Tue, 13 Oct 2020, 10:53 am Rafael del Valle, <rva...@livelens.net.invalid>
wrote:

> arrrgh...
>
> Not even the 9999 rule helps once I deploy all my tiers and rules.
>
> Egress just seems broken on VPC in 4.14.
>
> Anybody successfully using Egress/VPC in 4.14?
>
>
> On Tue, 2020-10-13 09:37 AM, rva...@privaz.io.INVALID wrote:
> > Hi Rene,
> >
> > I know what you mean now: the "By default, all incoming traffic to
> > the guest networks is blocked and all outgoing traffic from guest
> > networks is allowed, once you add an ACL rule for outgoing traffic, then
> > only outgoing traffic specified in this ACL rule is allowed, the rest is
> > blocked."
> >
> > This is how I remembered it.
> >
> > However, it looks like the last bit (once you add an ACL rule for
> > outgoing traffic...) seems to be implemented in isolated networks but not
> > in VPC tiers.
> >
> > I managed to achieve the desired behaviour by adding a:
> >
> > 9999 0.0.0.0/0 Egress Deny ALL ALL
> >
> > rule to my ACLs in VPC tiers, even though there is already another Egress
> > rule present.
> >
> > However, the isolated networks that I have do not need it, as they do
> > honour the previous specification.
> >
> > I am going to create an issue and see if the team can reproduce this
> > behaviour.
> >
> > Regards,
> > Rafael
> >
> > On Mon, 2020-10-12 05:53 PM, Rene Moser <m...@renemoser.net> wrote:
> > >
> > > On 12.10.20 17:30, rva...@privaz.io.INVALID wrote:
> > > > Am I missing something?
> > >
> > >
> > > It's been a while but I remember the default egress rule is "allow
> > > from all".
> > >
> > >
> > > https://docs.cloudstack.apache.org/en/4.14.0.0/adminguide/networking/virtual_private_cloud_config.html?#about-network-acl-lists
> > >
> > > The doc however seems to be inconsistent, the table says "Deny all"
> > > for outgoing. I guess this is a typo in the table there.
> > >
> > > Regards
> > > René
> > >
> > >
> > >
> >
