VPC : by default , outgoing traffic is allowed out, once egress rules are added, only traffic specified in those are allowed out, others are blocked

patches/systemvm/debian/config/opt/cloud/bin/vpc_acl.sh

@@ -126,6 +126,7 @@ acl_entry_for_guest_network() {
         sudo iptables -I ACL_INBOUND_$dev -p $prot -s $lcidr  \
                     --icmp-type $typecode  -j ACCEPT
       else
+        let egress++
         sudo iptables -t mangle -I ACL_OUTBOUND_$dev -p $prot -d $lcidr  \
                     --icmp-type $typecode  -j ACCEPT
       fi
@@ -135,6 +136,7 @@ acl_entry_for_guest_network() {
         sudo iptables -I ACL_INBOUND_$dev -p $prot -s $lcidr \
                     $DPORT -j ACCEPT
       else
+        let egress++
         sudo iptables -t mangle -I ACL_OUTBOUND_$dev -p $prot -d $lcidr \
                     $DPORT -j ACCEPT
       fi
@@ -199,7 +201,7 @@ fi
 success=0
 
 acl_chain_for_guest_network
-
+egress=0
 for r in $rules_list
 do
   acl_entry_for_guest_network $r
@@ -219,6 +221,12 @@ then
   acl_restore
 else
   logger -t cloud "$(basename $0): deleting backup for guest network: $gcidr"
+  if [ $egress -eq 0 ]
+  then
+    sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j ACCEPT 2>/dev/null
+  else
+    sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
+  fi   
   acl_switch_to_new
 fi
 unlock_exit $success $lock $locked