529 explain return path #627
base: main
…edStatefulConnectionsOld
…rectional no longer needed
…Properties.conn is no longer required for report endpoints and report subnets
…tring no longer needed
@ShiriMoran please add the issue referred to this PR, and a short description of this PR.
few initial comments
==================================================================== | ||
|
||
Allowed connections from vsi3a-ky[10.240.30.5] to vsi1-ky[10.240.10.4]: All Connections | ||
TCP respond is enabled on protocol: TCP src-ports: 1-50 dst-ports: 1-600 |
TCP respond is enabled on protocol: TCP src-ports: 1-50 dst-ports: 1-600 | |
TCP response is enabled on protocol: TCP src-ports: 1-50 dst-ports: 1-600 |
done
security group sg1-ky allows connection with the following allow rules | ||
index: 4, direction: inbound, conns: protocol: all, remote: sg3-ky (10.240.30.5/32,10.240.30.6/32), local: 0.0.0.0/0 | ||
|
||
TCP respond partly enabled by the following rules: |
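Review bot: the last line here, "TCP respond partly enabled by the following rules:", is phrased differently from the fully enabled message earlier in this output ("TCP respond is enabled on protocol: ..."): it drops the "is", and the header on its own does not name the protocol or port ranges it covers. Consider "TCP response is partly enabled by the following rules:" so both messages read consistently, and make sure the reader can tell from the lines that follow which part of the connection is responsive.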
TCP respond partly enabled by the following rules: | |
TCP response partly enabled by the following rules: |
is there a test example where TCP response is not enabled at all? what is the output in such case?
can you add a link to the output file for this test?
do you specify by which NACL it is blocked?
Here
The blocking NACL + rules are specified in debug ("Verbose") mode.
Not sure we want to add a blocking path. In most cases it is redundant and having such a path only in a small subset of the cases may be confusing. Let's discuss.
Resolves #529 - adds responsive details in explainability
If this issue should be closed with this PR, it should also be linked to this PR.
…9_explain_return_path
…nt src and dst ports will be tested. The test failed and so a bug was fixed.
No description provided.