If I understand your use case correctly, security groups can probably be used to satisfy your goal with Neutron.
Groups of isolated VMs in the same network can be assigned to different security groups. Traffic among different groups will be dropped unless enabled by a specific security group rule.

Still, I am not sure if this is your goal - as you wrote that you want to forbid traffic between VMs and floating IPs, you might be trying to achieve something different.

Salvatore

On 7 July 2015 at 18:38, Marco Mariani <marco.mari...@alterway.fr> wrote:

> Hi,
>
> I'm using Neutron+VLAN. Is it possible to isolate VMs in the same tenant
> network, and filter traffic according to security rules?
>
> In my understanding the allow_same_net_traffic in nova.conf only affects
> nova-network and not Neutron behavior.
>
> On the same note, I'd like to forbid traffic between VMs and floating
> IPs, even if there is a router that allows egress traffic to the Internet...
>
> Thanks
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
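The group-based isolation described in the reply above, as an added example that is not part of the original thread and is not Neutron code: a simplified model of default-deny ingress evaluation with remote-group and remote-prefix rules. The group names, addresses and rule sets are constructed for illustration, and only ingress is modelled (no egress rules or connection tracking).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    protocol: str                       # "tcp", "udp", "icmp" or "any"
    port: Optional[int] = None          # None matches every port
    remote_group: Optional[str] = None  # source must belong to this group
    remote_cidr: Optional[str] = None   # source IP must be inside this prefix

@dataclass(frozen=True)
class Port:
    ip: str
    groups: frozenset                   # security groups bound to the VM port

def ingress_allowed(src, dst, protocol, port, rules):
    """Default deny: permit only if a rule of one of dst's groups matches src."""
    for group in dst.groups:
        for rule in rules.get(group, []):
            if rule.protocol not in ("any", protocol):
                continue
            if rule.port is not None and rule.port != port:
                continue
            if rule.remote_group is not None and rule.remote_group not in src.groups:
                continue
            if rule.remote_cidr is not None and \
                    ip_address(src.ip) not in ip_network(rule.remote_cidr):
                continue
            return True
    return False

# Constructed sample: five VMs on one tenant network (10.0.0.0/24).
RULES = {
    "web": [Rule("tcp", 80, remote_cidr="0.0.0.0/0")],
    "db": [Rule("tcp", 3306, remote_group="web"),   # web tier may reach MySQL
           Rule("any", remote_group="db")],         # db members may talk freely
    "isolated": [],                                 # no ingress rule at all
}
web1 = Port("10.0.0.11", frozenset({"web"}))
db1 = Port("10.0.0.21", frozenset({"db"}))
db2 = Port("10.0.0.22", frozenset({"db"}))
iso1 = Port("10.0.0.31", frozenset({"isolated"}))
iso2 = Port("10.0.0.32", frozenset({"isolated"}))

if __name__ == "__main__":
    checks = [(web1, db1, "tcp", 3306), (web1, db1, "tcp", 22),
              (db1, db2, "udp", 5000), (iso1, iso2, "tcp", 22)]
    for src, dst, proto, port in checks:
        verdict = "ALLOW" if ingress_allowed(src, dst, proto, port, RULES) else "DROP"
        print(f"{src.ip} -> {dst.ip} {proto}/{port}: {verdict}")
```

The `isolated` group shows the case asked about in the quoted question: two VMs on the same network that cannot reach each other because their group carries no rule admitting its own members.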