security groups are managed by the agent calling /usr/share/cloudstack-common/scripts/vm/network/security_group.py. You may be able to tweak that script, or call it, to have your desired result. it IS basically just an ebtables edit.
On Fri, Aug 16, 2013 at 1:51 PM, Kelcey Jamison Damage <kel...@backbonetechnology.com> wrote: > Well there are rules on the VR for sure, these are not persistent so any > alterations will break if rebooted/rebuilt < one of those. And there are > rules on the Hosts. > > The VR is the first place to mess around in. > > ----- Original Message ----- > From: "Maurice Lawler" <maurice.law...@me.com> > To: dev@cloudstack.apache.org > Sent: Friday, August 16, 2013 12:48:00 PM > Subject: Re: Easiest Way... > > I recall it being fairly simple, by adding / removing a rule from the > ebtables, so my method of thinking isn't to complex, I was hoping someone on > the list could point me in the right direction. > > > On Aug 16, 2013, at 3:41 PM, Kelcey Jamison Damage > <kel...@backbonetechnology.com> wrote: > >> Ok so this would make it very difficult to achieve. With Advanced zones you >> have the flexibility to make some of this stuff work. Basic was not intended >> for this purpose. Advanced zone with SG enabled would give you the tools >> needed to accomplish your goal. >> >> Also if the secondary subnet is NOT for legacy systems support, then the VPC >> service would work as well. >> >> ----- Original Message ----- >> From: "Maurice Lawler" <maurice.law...@me.com> >> To: dev@cloudstack.apache.org >> Cc: kel...@backbonetechnology.com >> Sent: Friday, August 16, 2013 12:36:32 PM >> Subject: Re: Easiest Way... >> >> I am not utilizing advanced, I am utilizing basic; which I know can be done, >> via editing the ebtables, but I cannot recall how to do this. Yes, this >> secondary subnet requires it's own gateway. >> >> >