Hi Nux,
1. By default we are allowing egress in SG. 2. But when you configure any rule in egress, it allows ONLY configured rule traffic and other traffic will be BLOCKED. If admin wants allow to only specific ports/addresses this can be done by configuring SG egress rules. In my firewalls, the default egress is allow for trusted networks. Thanks, Jayapal On 25-Jan-2014, at 6:58 AM, Nux! <n...@li.nux.ro> wrote: > On 25.01.2014 01:12, Marcus Sorensen wrote: >> Are you talking about the rules that ensure an instance can't bring up and >> use IP addresses that are not assigned to it? > > I'm not sure. Here's a pic: > http://img.nux.ro/jC4b-Selection_015.png > > The anti-spoofing is working ok, supposedly, but I was expecting that either: > 1 - egress is blocked by default, just like ingress, so just ports/addresses > specified there can be accessed > 2 - less orthodox, but since we allow all outgoing by default for a VM then > make this is a blacklist instead of a whitelist, ie ports/addresses specified > here cannot be accessed > > Do I make any sense? > > Lucian > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro
