I just ran some tests regarding the commit mechanism when applying or removing new rules on a secgroup, and I saw a behavior which, in my understanding, shouldn't happen.
Applying a new rule (for example, allowing ICMP packets) works almost instantly.
BUT when I try to remove a rule from the secgroup, it doesn't work for an already running VM. I had to remove the NIC, attach it again and reboot the VM.
In both cases I can see the new rule popping up and disappearing in the VM/Network section of the NIC on the VM, but the rule is not being removed.
1 test network called: Testnet
1 security rule applied to Testnet (this is also the only secgroup for Testnet)
1 VM within Testnet
1 physical machine which is also wired up into Testnet
How I tested it:
1. Drop all rules in the secgroup so nothing is allowed.
2. Start the VM within this environment.
3. Ping the IP of the VM from the physical machine -> no ping possible, as expected.
4. Apply an inbound ICMP rule to the secgroup.
5. Ping the VM again -> ping works, as expected.
6. Remove the ICMP rule from point 4 (also checked that the rule disappears on the VM NIC).
7. Ping once again -> ping still works -> not as I expect.
My question here:
Is it a feature or a bug?