The following is a list of known issues:
- In CPBM, when a VPC tier is created, it is not associated with any ACL list. Once the tier is created, the ACL tab in the networks page lists four default ACL rules for that tier:
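| Source/Destination | Type    | Protocol | Allow/Deny |
|--------------------|---------|----------|------------|
| 0.0.0.0/0          | Egress  | all      | allow      |
| 0.0.0.0/0          | Ingress | all      | allow      |
| 0.0.0.0/0          | Egress  | all      | deny       |
| 0.0.0.0/0          | Ingress | all      | deny       |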
These ACL rules are misleading and are listed because of http://bugs-ccp.citrix.com/browse/ES-1729. This is an API issue; the default iptables rules are applied properly in the VPC's virtual router, that is, all incoming traffic to the guest networks is blocked and all outgoing traffic from the guest networks is allowed.
To associate the tier with a new ACL list, create a new ACL rule from the ACL tab. The tier is then associated with an ACL list that contains the ACL rule you just created, and that list is displayed in the ACL tab.