CLOUDSTACK-8925 - Drop the traffic when default egress is set to false

- The DROP rule should be appended and the other rules inserted.
2025-11-02 20:02:29 +01:00 · 2015-11-02 12:00:22 +01:00 · 2015-11-02 12:00:22 +01:00 · caa0b4071c
commit caa0b4071c
parent e3a4ec6cfd
1 changed files with 5 additions and 1 deletions
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@ -97,12 +97,16 @@ class CsAcl(CsDataBag):
                self.rule['last_port'] = obj['src_port_range'][1]
            self.rule['allowed'] = True

+            self.rule['action'] = "ACCEPT"
+
+            # In that case it means we are processing the default egress rule
            if self.rule['type'] == 'all' and not obj['source_cidr_list']:
+                if self.rule['default_egress_policy'] == 'false':
+                    self.rule['action'] = "DROP"
                self.rule['cidr'] = ['0.0.0.0/0']
            else:
                self.rule['cidr'] = obj['source_cidr_list']

-            self.rule['action'] = "ACCEPT"
            logging.debug("AclIP created for rule ==> %s", self.rule)

        def create(self):