I am using Advanced Networking mode. I want to block some destination CIDRs
(Egress) for some VM instances. I have currently one shared guest network
with default egress allowed. I want to create another shared network with
default egress denied so I can explicitly allow all outbound traffic except
those CIDRs.

When you create a new Network Offering, the UI does not have any option to
choose the default Egress rule for it, and it is dictated by zone settings.

On Tue, Nov 5, 2019 at 1:15 AM Riepl, Gregor (SWISS TXT) <
Gregor.Riepl@swisstxt.ch> wrote:
> Hi Fariborz,
>
> Sorry, I don't quite understand what you're referring to.
>
> For Advanced Networking with a virtual router, you have to create egress
> rules yourself, using
> https://cloudstack.apache.org/api/apidocs-4.11/apis/createEgressFirewallRule.html
> or the UI. The same applies to VPCs.
>
> On Basic Networks, you should be able to use SecurityGroups:
>
> http://docs.cloudstack.apache.org/en/latest/adminguide/networking/security_groups.html
>
> The Security Group APIs are separate from the Instance APIs, so you can
> create your SG, apply egress rules, then apply the SG to the instance via
> the deployVirtualMachine securitygroupnames parameter.
>
> Which kind of network are you using?
>
> Regards,
> Gregor
> ________________________________
> From: Fariborz Navidan <mdvlinquest@gmail.com>
> Sent: 04 November 2019 18:38
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Change default egress rule
>
> Hello,
>
> When creating a new network, there is no option to choose the default egress
> rule. How can we change it before creating a VM on that network?
>