Re: Automating creation of ACLs
Hi Andrija, I've setup the CloudMonkey on my local host and done some experimentation. It turns out that the API does support specifying multiple ips/networks per single ACL. The gui reflects this and shows a comma separated list. So, it looks like I can do everything I want from the CloudMonkey. what I've not tested is that it actually works and creates the fw rule on the virtual router. I will test that later on and revert back. Cheers - Original Message - > From: "Andrija Panic" > To: "users" > Sent: Friday, 3 May, 2019 17:04:24 > Subject: Re: Automating creation of ACLs > Hi Andrei, > > I didn't claim that work actually - did you test it, does it actually > works (if I understand correctly - you want in single rule to specify > multiple CIDR ranges instead of creating a rule for each CIDR range in > question) ? > > Best, > > > On Fri, 3 May 2019 at 17:36, Andrei Mikhailovsky > wrote: > >> Hi Andrija, >> >> I wasn't aware the API supports creating ACLs with multiple networks / IP >> addresses. >> >> Andrei >> >> - Original Message ----- >> > From: "Andrija Panic" >> > To: "users" >> > Sent: Friday, 3 May, 2019 16:11:37 >> > Subject: Re: Automating creation of ACLs >> >> > Hi Andrei, >> > >> > perhaps I got something wrong, but why don't you use API to create needed >> > ACL rules ? >> > >> > Andrija >> > >> > On Fri, 3 May 2019 at 17:04, Andrei Mikhailovsky >> >> > wrote: >> > >> >> Hello everyone, >> >> >> >> I have come across a need to create an ACLs that includes around 100 >> >> different IP addresses and network ranges for several services. Now, >> >> looking at the ACS gui, there is currently no way that I could find to >> >> create an ACL with multiple IP addresses / network ranges. Not sure why >> >> this hasn't been implemented. >> >> >> >> I am looking at a way to automate the creation of ACLs with CloudStack >> >> where ideally I could feed it a list of IP addresses and it would do its >> >> job at creating the ACLs. Otherwise it will take a day and sanity to do >> it >> >> manually. >> >> >> >> I am sure I am not the only one in the ACS community that requires a >> large >> >> set of ACLs. Could someone share their scripts / methods of achieving >> this? >> >> >> >> Thanks >> >> >> >> Andrei >> >> >> > >> > >> > -- >> > >> > Andrija Panić >> > > > -- > > Andrija Panić
Re: Automating creation of ACLs
Actually, I was wrong and made a mistake. The ACS gui does allow specifying multiple networks/IPS on the same ACL. I had a typo when I was testing it. All jolly good! Cheers - Original Message - > From: "Andrija Panic" > To: "users" > Sent: Friday, 3 May, 2019 17:04:24 > Subject: Re: Automating creation of ACLs > Hi Andrei, > > I didn't claim that work actually - did you test it, does it actually > works (if I understand correctly - you want in single rule to specify > multiple CIDR ranges instead of creating a rule for each CIDR range in > question) ? > > Best, > > > On Fri, 3 May 2019 at 17:36, Andrei Mikhailovsky > wrote: > >> Hi Andrija, >> >> I wasn't aware the API supports creating ACLs with multiple networks / IP >> addresses. >> >> Andrei >> >> - Original Message ----- >> > From: "Andrija Panic" >> > To: "users" >> > Sent: Friday, 3 May, 2019 16:11:37 >> > Subject: Re: Automating creation of ACLs >> >> > Hi Andrei, >> > >> > perhaps I got something wrong, but why don't you use API to create needed >> > ACL rules ? >> > >> > Andrija >> > >> > On Fri, 3 May 2019 at 17:04, Andrei Mikhailovsky >> >> > wrote: >> > >> >> Hello everyone, >> >> >> >> I have come across a need to create an ACLs that includes around 100 >> >> different IP addresses and network ranges for several services. Now, >> >> looking at the ACS gui, there is currently no way that I could find to >> >> create an ACL with multiple IP addresses / network ranges. Not sure why >> >> this hasn't been implemented. >> >> >> >> I am looking at a way to automate the creation of ACLs with CloudStack >> >> where ideally I could feed it a list of IP addresses and it would do its >> >> job at creating the ACLs. Otherwise it will take a day and sanity to do >> it >> >> manually. >> >> >> >> I am sure I am not the only one in the ACS community that requires a >> large >> >> set of ACLs. Could someone share their scripts / methods of achieving >> this? >> >> >> >> Thanks >> >> >> >> Andrei >> >> >> > >> > >> > -- >> > >> > Andrija Panić >> > > > -- > > Andrija Panić
Re: Automating creation of ACLs
Hi Andrei, I didn't claim that work actually - did you test it, does it actually works (if I understand correctly - you want in single rule to specify multiple CIDR ranges instead of creating a rule for each CIDR range in question) ? Best, On Fri, 3 May 2019 at 17:36, Andrei Mikhailovsky wrote: > Hi Andrija, > > I wasn't aware the API supports creating ACLs with multiple networks / IP > addresses. > > Andrei > > - Original Message - > > From: "Andrija Panic" > > To: "users" > > Sent: Friday, 3 May, 2019 16:11:37 > > Subject: Re: Automating creation of ACLs > > > Hi Andrei, > > > > perhaps I got something wrong, but why don't you use API to create needed > > ACL rules ? > > > > Andrija > > > > On Fri, 3 May 2019 at 17:04, Andrei Mikhailovsky > > > wrote: > > > >> Hello everyone, > >> > >> I have come across a need to create an ACLs that includes around 100 > >> different IP addresses and network ranges for several services. Now, > >> looking at the ACS gui, there is currently no way that I could find to > >> create an ACL with multiple IP addresses / network ranges. Not sure why > >> this hasn't been implemented. > >> > >> I am looking at a way to automate the creation of ACLs with CloudStack > >> where ideally I could feed it a list of IP addresses and it would do its > >> job at creating the ACLs. Otherwise it will take a day and sanity to do > it > >> manually. > >> > >> I am sure I am not the only one in the ACS community that requires a > large > >> set of ACLs. Could someone share their scripts / methods of achieving > this? > >> > >> Thanks > >> > >> Andrei > >> > > > > > > -- > > > > Andrija Panić > -- Andrija Panić
Re: Automating creation of ACLs
Hi Andrija, I wasn't aware the API supports creating ACLs with multiple networks / IP addresses. Andrei - Original Message - > From: "Andrija Panic" > To: "users" > Sent: Friday, 3 May, 2019 16:11:37 > Subject: Re: Automating creation of ACLs > Hi Andrei, > > perhaps I got something wrong, but why don't you use API to create needed > ACL rules ? > > Andrija > > On Fri, 3 May 2019 at 17:04, Andrei Mikhailovsky > wrote: > >> Hello everyone, >> >> I have come across a need to create an ACLs that includes around 100 >> different IP addresses and network ranges for several services. Now, >> looking at the ACS gui, there is currently no way that I could find to >> create an ACL with multiple IP addresses / network ranges. Not sure why >> this hasn't been implemented. >> >> I am looking at a way to automate the creation of ACLs with CloudStack >> where ideally I could feed it a list of IP addresses and it would do its >> job at creating the ACLs. Otherwise it will take a day and sanity to do it >> manually. >> >> I am sure I am not the only one in the ACS community that requires a large >> set of ACLs. Could someone share their scripts / methods of achieving this? >> >> Thanks >> >> Andrei >> > > > -- > > Andrija Panić
Re: Automating creation of ACLs
Hi Andrei, perhaps I got something wrong, but why don't you use API to create needed ACL rules ? Andrija On Fri, 3 May 2019 at 17:04, Andrei Mikhailovsky wrote: > Hello everyone, > > I have come across a need to create an ACLs that includes around 100 > different IP addresses and network ranges for several services. Now, > looking at the ACS gui, there is currently no way that I could find to > create an ACL with multiple IP addresses / network ranges. Not sure why > this hasn't been implemented. > > I am looking at a way to automate the creation of ACLs with CloudStack > where ideally I could feed it a list of IP addresses and it would do its > job at creating the ACLs. Otherwise it will take a day and sanity to do it > manually. > > I am sure I am not the only one in the ACS community that requires a large > set of ACLs. Could someone share their scripts / methods of achieving this? > > Thanks > > Andrei > -- Andrija Panić
