cloudstack/systemvm
Rajani Karuturi cc043e9f8f Merge pull request #1666 from murali-reddy/egress_rules
CLOUDSTACK-9480, CLOUDSTACK-9495 fix egress rule incorrect behavior

When 'default egress policy' is set to 'allow' in the network offering, any egress rule that is added will 'deny' the traffic overriding the default behaviour.

Conversely, when 'default egress policy' is set to 'deny' in the network offering, any egress rule that is added will 'allow' the traffic overriding the default behaviour.

While this works for 'tcp', 'udp' as expected, for 'icmp' protocol it's always set to ALLOW. This patch keeps all protocols' behaviour consistent.

Results of running test/integration/component/test_egress_fw_rules.py. Without the patch, test_02_egress_fr2 test was failing. This patch fixes the test_02_egress_fr2 scenario.
-----------------------------------------------------------------------------------------------------
Test By-default the communication from guest n/w to public n/w is NOT allowed. ... === TestName: test_01_1_egress_fr1 | Status : SUCCESS ===
ok
Test By-default the communication from guest n/w to public n/w is allowed. ... === TestName: test_01_egress_fr1 | Status : SUCCESS ===
ok
Test Allow Communication using Egress rule with CIDR + Port Range + Protocol. ... === TestName: test_02_1_egress_fr2 | Status : SUCCESS ===
ok
Test Allow Communication using Egress rule with CIDR + Port Range + Protocol. ... === TestName: test_02_egress_fr2 | Status : SUCCESS ===
ok
Test Communication blocked with network that is other than specified ... === TestName: test_03_1_egress_fr3 | Status : SUCCESS ===
ok
Test Communication blocked with network that is other than specified ... === TestName: test_03_egress_fr3 | Status : SUCCESS ===
ok
Test Create Egress rule and check the Firewall_Rules DB table ... === TestName: test_04_1_egress_fr4 | Status : SUCCESS ===
ok
Test Create Egress rule and check the Firewall_Rules DB table ... === TestName: test_04_egress_fr4 | Status : SUCCESS ===
ok
Test Create Egress rule and check the IP tables ... SKIP: Skip
Test Create Egress rule and check the IP tables ... SKIP: Skip
Test Create Egress rule without CIDR ... === TestName: test_06_1_egress_fr6 | Status : SUCCESS ===
ok
Test Create Egress rule without CIDR ... === TestName: test_06_egress_fr6 | Status : SUCCESS ===
ok
Test Create Egress rule without End Port ... === TestName: test_07_1_egress_fr7 | Status : EXCEPTION ===
ERROR
Test Create Egress rule without End Port ... === TestName: test_07_egress_fr7 | Status : SUCCESS ===
ok
Test Port Forwarding and Egress Conflict ... SKIP: Skip
Test Port Forwarding and Egress Conflict ... SKIP: Skip
Test Delete Egress rule ... === TestName: test_09_1_egress_fr9 | Status : SUCCESS ===
ok
Test Delete Egress rule ... === TestName: test_09_egress_fr9 | Status : SUCCESS ===
ok
Test Invalid CIDR and Invalid Port ranges ... === TestName: test_10_1_egress_fr10 | Status : SUCCESS ===
ok
Test Invalid CIDR and Invalid Port ranges ... === TestName: test_10_egress_fr10 | Status : SUCCESS ===
ok
Test Regression on Firewall + PF + LB + SNAT ... === TestName: test_11_1_egress_fr11 | Status : SUCCESS ===
ok
Test Regression on Firewall + PF + LB + SNAT ... === TestName: test_11_egress_fr11 | Status : SUCCESS ===
ok
Test Reboot Router ... === TestName: test_12_1_egress_fr12 | Status : SUCCESS ===
ok
Test Reboot Router ... === TestName: test_12_egress_fr12 | Status : EXCEPTION ===
ERROR
Test Redundant Router : Master failover ... === TestName: test_13_1_egress_fr13 | Status : SUCCESS ===
ok
Test Redundant Router : Master failover ... === TestName: test_13_egress_fr13 | Status : SUCCESS ===
ok
-----------------------------------------------------------------------------------------------------

* pr/1666:
  fix egress rule incorrect behavior

Signed-off-by: Rajani Karuturi <rajani.karuturi@accelerite.com>
2016-09-21 14:54:31 +05:30
bindir Move the system vm to a separate maven project. 2013-09-20 18:31:02 +08:00
certs Move the system vm to a separate maven project. 2013-09-20 18:31:02 +08:00
conf CLOUDSTACK-9062: Improve S3 implementation. 2015-11-19 15:29:10 +01:00
conf.dom0 CLOUDSTACK-9105: Logging enhancement: Handle/reference to track API calls end to end in the MS logs 2015-12-04 12:45:57 +05:30
css console-proxy add support of AltGr key and FR azerty keyboard 2014-12-08 18:05:43 +05:30
distro CLOUDSTACK-6220: Take 2, Fix cloudstack init scripts so that they 2014-03-10 16:11:52 -06:00
images Move the system vm to a separate maven project. 2013-09-20 18:31:02 +08:00
js CLOUDSTACK-9164: Prevent firefox's quick search from opening in VM console 2016-04-25 11:37:43 +05:30
libexec Move the system vm to a separate maven project. 2013-09-20 18:31:02 +08:00
patches/debian Merge pull request #1666 from murali-reddy/egress_rules 2016-09-21 14:54:31 +05:30
scripts Add Java Default Certificate Authorities into the keystore if using a custom cert SSL 2016-05-25 06:34:15 +01:00
test/python Fixed defaultroute on VPC routers in CsRoute and CsAddress 2015-08-24 13:35:29 +02:00
ui Move the system vm to a separate maven project. 2013-09-20 18:31:02 +08:00
vm-script Move the system vm to a separate maven project. 2013-09-20 18:31:02 +08:00
pom.xml Updating pom.xml version numbers for release 4.9.1.0-SNAPSHOT 2016-08-19 13:53:39 +05:30
systemvm-descriptor.xml Remove duplicate scripts and move the remaining items to the systemvm project 2013-10-14 08:02:35 +02:00