cloudstack-users mailing list archives

From Fariborz Navidan <mdvlinqu...@gmail.com>
Subject Re: Change default egress rule
Date Mon, 04 Nov 2019 22:02:04 GMT
I am using Advanced Networking mode. I want to block some destination CIDRs
(Egress) for some VM instances. I currently have one shared guest network
with default egress allowed. I want to create another shared network with
default egress denied so I can explicitly allow all outbound traffic except
those CIDRs.

When you create a new Network Offering, the UI does not have any option to
choose the default Egress rule for it, and it is dictated by zone settings.

On Tue, Nov 5, 2019 at 1:15 AM Riepl, Gregor (SWISS TXT) <
Gregor.Riepl@swisstxt.ch> wrote:

> Hi Fariborz,
>
> Sorry, I don't quite understand what you're referring to.
>
> For Advanced Networking with a virtual router, you have to create egress
> rules yourself, using
> https://cloudstack.apache.org/api/apidocs-4.11/apis/createEgressFirewallRule.html
> or the UI. The same applies to VPCs.
>
> On Basic Networks, you should be able to use SecurityGroups:
>
> http://docs.cloudstack.apache.org/en/latest/adminguide/networking/security_groups.html
>
> The Security Group APIs are separate from the Instance APIs, so you can
> create your SG, apply egress rules, then apply the SG to the instance via
> the deployVirtualMachine securitygroupnames parameter.
>
> Which kind of network are you using?
>
> Regards,
> Gregor
> ________________________________
> From: Fariborz Navidan <mdvlinquest@gmail.com>
> Sent: 04 November 2019 18:38
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Change default egress rule
>
> Hello,
>
> When creating a new network, there is no option to choose default egress
> rule. How can we change it before creating VM on that network?
>
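
An added example, not part of the original messages: on a default-deny egress network, "allow everything except those CIDRs" has to be expressed as allow rules for the complement of the blocked ranges, which this Python sketch computes and turns into one createEgressFirewallRule parameter set per allowed CIDR. The helper names, the sample network id and blocked CIDRs are constructed, and the `networkid`, `protocol` and `destcidrlist` parameter names are assumptions to check against the API reference for your CloudStack version.

```python
import ipaddress

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")

def allowed_egress_cidrs(blocked):
    """Return the IPv4 networks covering 0.0.0.0/0 minus every blocked CIDR."""
    allowed = [ANY_V4]
    for raw in blocked:
        # strict=True rejects typos such as 10.0.0.1/8 (host bits set)
        block = ipaddress.ip_network(raw, strict=True)
        if block.version != 4:
            raise ValueError(f"only IPv4 CIDRs are handled here: {raw}")
        remaining = []
        for net in allowed:
            if block.supernet_of(net):
                continue  # net lies entirely inside the blocked range
            if net.supernet_of(block):
                # split net into the pieces that do not include block
                remaining.extend(net.address_exclude(block))
            else:
                remaining.append(net)  # disjoint, keep unchanged
        allowed = remaining
    return list(ipaddress.collapse_addresses(allowed))

def egress_allow_rules(network_id, blocked, protocol="all"):
    """Build one parameter set per allowed destination CIDR.

    Parameter names are assumptions (see the lead-in); nothing is sent
    to a management server here.
    """
    return [
        {
            "command": "createEgressFirewallRule",
            "networkid": network_id,
            "protocol": protocol,
            "destcidrlist": str(cidr),
        }
        for cidr in allowed_egress_cidrs(blocked)
    ]

if __name__ == "__main__":
    # Constructed sample input: placeholder network id and documentation ranges
    sample_blocked = ["203.0.113.0/24", "198.51.100.0/24"]
    for rule in egress_allow_rules("NETWORK-UUID-PLACEHOLDER", sample_blocked):
        print(rule)
```

Each blocked range adds roughly one allow rule per prefix bit, so a handful of blocked /24s already yields dozens of rules; that rule count is the practical cost of the default-deny approach discussed in the thread.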
