<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: vSphere 5.5 | DVS |  ACL in vSphere™ vNetwork Discussions</title>
    <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384168#M1318</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Do a logical walkthrough:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Rule 1 = &lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;action: drop&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;traffic direction: egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol is icmp&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip address any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination is no x.x.x.254&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;first action: drop&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;direction = egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol = icmp&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip = any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination is everything EXCEPT x.x.x.254&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;so this rule drops ALL icmp EXCEPT to 
x.x.x.254&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Tue, 05 Nov 2013 06:30:53 GMT</pubDate>
    <dc:creator>HansdeJongh</dc:creator>
    <dc:date>2013-11-05T06:30:53Z</dc:date>
    <item>
      <title>vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384160#M1310</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;So I was so pleased to see that vSphere 5.5 would support ACLs on DVS.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Then I started implementing it.&lt;/P&gt;&lt;P&gt;So I got a portgroup with 2 VMs in it:&lt;/P&gt;&lt;P&gt;They have the following IPs: x.x.x.236 and x.x.x.237&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I created the following rule:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;action: drop&lt;/P&gt;&lt;P&gt;traffic direction: egress&lt;/P&gt;&lt;P&gt;protocol is icmp&lt;/P&gt;&lt;P&gt;source ip address any&lt;/P&gt;&lt;P&gt;destination is no x.x.x.254&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Now I ping 2 IPs (x.x.x.1 and x.x.x.254) from both VMs. Only the .254 works (of course).&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;But then I create the next rule:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;action: drop&lt;/P&gt;&lt;P&gt;traffic direction: egress&lt;/P&gt;&lt;P&gt;protocol is any&lt;/P&gt;&lt;P&gt;source ip is any&lt;/P&gt;&lt;P&gt;destination ip is any&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;After applying, I can't ping the .254 anymore?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;What am I doing wrong?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Regards&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Sep 2013 14:37:28 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384160#M1310</guid>
      <dc:creator>HansdeJongh</dc:creator>
      <dc:date>2013-09-27T14:37:28Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384161#M1311</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I haven't played with dvSwitch ACLs myself yet, but this seems pretty self-explanatory if you ever had to do with firewalling rules. Packets are matched against the rule base in order until the first rule applies. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you only have the first rule, it does not apply to pinging .254. So the implicit default rule is used to decide what to do. In this case with ACLs it's a default "allow any" rule and the packet is forwarded.&lt;/P&gt;&lt;P&gt;Now if you implement the 2nd rule, which denies any traffic, it will also drop what was previously allowed by the implicit "allow any" rule because this rule is checked before the implicit rule. Obviously you won't be able to communicate via ICMP pings (or any other traffic) anymore because this rule drops everything.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;What you need is an explicit rule allowing pings to .254, that comes before the drop all rule in your rule base. Change the first rule to "allow" and the destination to .254 (without negation).&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 30 Sep 2013 09:35:19 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384161#M1311</guid>
      <dc:creator>MKguy</dc:creator>
      <dc:date>2013-09-30T09:35:19Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384162#M1312</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;We are talking about non-stateful rules, so firewall rules have nothing to do with it.&lt;/P&gt;&lt;P&gt;What I'm used to with ACLs on switch level (this is what VMware is trying to do): it will stop processing rules when it hits a rule that "says" something about the rule.&lt;/P&gt;&lt;P&gt;So if I allow ICMP and want to disallow everything else, I first create a rule which allows ICMP and blocks everything else.&lt;/P&gt;&lt;P&gt;With some switch brands you don't even have to create a drop all rule. It will drop everything when there is no matching rule.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 30 Sep 2013 09:41:27 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384162#M1312</guid>
      <dc:creator>HansdeJongh</dc:creator>
      <dc:date>2013-09-30T09:41:27Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384163#M1313</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;BLOCKQUOTE&gt;
&lt;P&gt;HansdeJongh wrote:&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;But then I create the next rule:&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;action: drop&lt;/P&gt;
&lt;P&gt;traffic direction: egress&lt;/P&gt;
&lt;P&gt;protocol is any&lt;/P&gt;
&lt;P&gt;source ip is any&lt;/P&gt;
&lt;P&gt;destination ip is any&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;After applying, I can't ping the .254 anymore?&lt;/P&gt;
&lt;P&gt;&lt;/P&gt;
&lt;P&gt;What am I doing wrong?&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Your first rule is a drop rule. And then this rule is also a drop rule. You have not created any allow rules.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The rule you describe is designed to drop all traffic. It is literally "Drop all egress traffic of any protocol, from any source, to any destination." It is working as intended.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Typically you create drop rules for what you wish to block, and then follow up with a "permit any any" type of rule.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 02 Oct 2013 01:22:06 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384163#M1313</guid>
      <dc:creator>chriswahl</dc:creator>
      <dc:date>2013-10-02T01:22:06Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384164#M1314</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;It is not working as intended. VMware support already concluded that and filed a PR.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;With ACLs you create an allow rule; with some switching brands everything else is dropped without creating a drop rule. But with some you still have to create a drop all rule.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 18 Oct 2013 19:55:46 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384164#M1314</guid>
      <dc:creator>HansdeJongh</dc:creator>
      <dc:date>2013-10-18T19:55:46Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384165#M1315</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Perhaps you copied your rules down incorrectly when you shared them? Because you stated that you created this rule:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;BLOCKQUOTE&gt;
&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;action: drop&lt;/P&gt;
&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;traffic direction: egress&lt;/P&gt;
&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol is any&lt;/P&gt;
&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip is any&lt;/P&gt;
&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination ip is any&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;If you read that rule, it literally says "drop all traffic" - and then your traffic is dropped. How is this not working as intended?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 18 Oct 2013 21:40:22 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384165#M1315</guid>
      <dc:creator>chriswahl</dc:creator>
      <dc:date>2013-10-18T21:40:22Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384166#M1316</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;You're overlooking the "no" part in the first drop rule.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;But let's put it differently.&lt;/P&gt;&lt;P&gt;What if I want to disallow EVERYTHING except ICMP to .254, how should I do that?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 19 Oct 2013 06:42:17 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384166#M1316</guid>
      <dc:creator>HansdeJongh</dc:creator>
      <dc:date>2013-10-19T06:42:17Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384167#M1317</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;BLOCKQUOTE&gt;
&lt;P&gt;What if I want to disallow EVERYTHING except ICMP to .254, how should I do that?&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;You'd just need a permit statement for that traffic prior to a matching drop rule.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Do a logical walkthrough:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Rule 1 = &lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;action: drop&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;traffic direction: egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol is icmp&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip address any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination is no x.x.x.254&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;This is a drop rule, so &lt;STRONG&gt;it is looking for traffic to drop&lt;/STRONG&gt;. Your ICMP packet to &lt;SPAN style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;x.x.x.254&lt;/SPAN&gt; does not match this rule. 
The ACL moves on to the next rule.&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;Rule 2 = &lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;action: drop&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;traffic direction: egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol is any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip is any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination ip is any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;SPAN style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;This is a drop rule, so &lt;/SPAN&gt;&lt;STRONG style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;it is looking for traffic to drop&lt;/STRONG&gt;&lt;SPAN style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;. Your ICMP packet to &lt;SPAN style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;x.x.x.254&lt;/SPAN&gt; &lt;STRONG&gt;DOES&lt;/STRONG&gt; match this rule. 
The packet is dropped.&lt;/SPAN&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;SPAN style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;&lt;BR /&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;SPAN style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;Instead, make sure Rule 1 is a &lt;STRONG&gt;permit&lt;/STRONG&gt; that allows traffic matching your &lt;SPAN style="color: #666666; font-family: proxima-nova, Arial, sans-serif; font-size: 14px;"&gt;x.x.x.254&lt;/SPAN&gt; traffic. The ACL will match the rule to the traffic and &lt;STRONG&gt;permit&lt;/STRONG&gt; it and stop looking at the rules, even if there is a drop rule further down the list.&lt;BR /&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 04 Nov 2013 21:33:10 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384167#M1317</guid>
      <dc:creator>chriswahl</dc:creator>
      <dc:date>2013-11-04T21:33:10Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384168#M1318</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Do a logical walkthrough:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Rule 1 = &lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;action: drop&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;traffic direction: egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol is icmp&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip address any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination is no x.x.x.254&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;first action: drop&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;direction = egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol = icmp&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip = any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination is everything EXCEPT x.x.x.254&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;so this rule drops ALL icmp EXCEPT to 
x.x.x.254&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 05 Nov 2013 06:30:53 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384168#M1318</guid>
      <dc:creator>HansdeJongh</dc:creator>
      <dc:date>2013-11-05T06:30:53Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384169#M1319</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;BLOCKQUOTE&gt;
&lt;P&gt; so this rule drops ALL icmp EXCEPT to x.x.x.254&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Correct. The ICMP packet is then dropped because of Rule 2. If you want to allow only ICMP to x.x.x.254, the rules would look like this:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;Rule 1&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;action: permit&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;traffic direction: egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol is icmp&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip address any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination is x.x.x.254&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;Rule 2&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;action: drop&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;traffic direction: egress&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;protocol is any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;source ip is any&lt;/P&gt;&lt;P style="margin: 2px; font-size: 14px; font-family: proxima-nova, Arial, sans-serif; color: #666666;"&gt;destination ip is 
any&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 05 Nov 2013 14:07:23 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384169#M1319</guid>
      <dc:creator>chriswahl</dc:creator>
      <dc:date>2013-11-05T14:07:23Z</dc:date>
    </item>
    <item>
      <title>Re: vSphere 5.5 | DVS |  ACL</title>
      <link>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384170#M1320</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;I also had a similar problem.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;x.x.x.x to x.x.x.x drop &lt;/P&gt;&lt;P&gt;and then x.x.x.x to any or to x.x.x.y/24 there was a Java problem.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 05 Nov 2013 14:59:17 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vSphere-vNetwork-Discussions/vSphere-5-5-DVS-ACL/m-p/384170#M1320</guid>
      <dc:creator>yonish</dc:creator>
      <dc:date>2013-11-05T14:59:17Z</dc:date>
    </item>
  </channel>
</rss>

