euca-authorize adds wrong rules for group-to-group rule
Bug #1006878 reported by
Vasyl Khomenko
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Medium
|
Unassigned |
Bug Description
When i add group-to-group rule i get only TCP allowed to pass.
Should be passed all traffic.
# euca-add-group test1 -d test1
GROUP test1 test1
# euca-add-group test2 -d test2
GROUP test2 test2
# euca-authorize -o test1 test2
GROUP test2
PERMISSION test2 ALLOWS tcp GRPNAME test1 FROM CIDR 0.0.0.0/0
# euca-describe-
GROUP 2fa3fa776ca346b
GROUP 2fa3fa776ca346b
GROUP 2fa3fa776ca346b
PERMISSION 2fa3fa776ca346b
Changed in nova: | |
importance: | Undecided → Medium |
status: | Incomplete → Confirmed |
tags: | added: ec2 |
Changed in nova: | |
assignee: | nobody → Avinash Prasad (avinash-prasad) |
Changed in nova: | |
status: | Confirmed → In Progress |
Changed in nova: | |
status: | Incomplete → Invalid |
To post a comment you must log in.
Have you tried commands like euca-authorize -P icmp -t -1:-1 test2 or euca-authorize -P tcp -p 22 test2on test2? It is possible for a security group to have a default access control, which does not permit other traffic.