I am using Advanced Networking mode. I want to block some destination CIDRs
(Egress) for some VM instances. I have currently one shared guest network
with default egress allowed. I want to create another shared network with
default egress denied so I can explicitly allow all outbound traffic exce
Hi Fariborz,
Sorry, I don't quite understand what you're referring to.
For Advanced Networking with a virtual router, you have to create egress rules
yourself, using
https://cloudstack.apache.org/api/apidocs-4.11/apis/createEgressFirewallRule.html
or the UI. The same applies to VPCs.
On Basic
Hi Paul,
Thanks for your quick answer!
Florent
- Original message -
> From: "Paul Angus"
> To: "users"
> Sent: Monday 4 November 2019 18:20:11
> Subject: RE: Security Groups default behavior
> Hi Florent,
>
> No, two VMs in the same security group will have the same rules applied to
> the
Hello,
When creating a new network, there is no option to choose default egress
rule. How can we change it before creating VM on that network?
Hi Florent,
No, two VMs in the same security group will have the same rules applied to
them. So if they both allow outbound port 22, they won't be able to talk over
SSH, as neither allows inbound SSH.
If your network was created with a default allow, then they will be able to
communicate over
Hello,
I'm looking for the default behavior for Security Groups when using a shared
network with SG support. Can't find it in the docs.
Are two VMs in the same SG implicitly allowed to communicate with each other?
Maybe I'm wrong but it seemed to be the case with 4.9.3 (KVM) but not anymore
There's nothing in the API or the UI. We just change it in the DB.
On Mon, 4 Nov 2019 at 13:48, Melanie Desaive
wrote:
>
> Hi Richard,
>
> thank you for this hint.
>
> I had a look in the database, and yes, all Network Offerings in the
> table network_offerings still reference the old System/Di
Any idea?
On Sat, Nov 2, 2019 at 5:22 PM Fariborz Navidan
wrote:
> Thanks for the reply. How should we block an egress CIDR from a specific source
> CIDR when the default egress policy of the network offering is "Allow"? What
> will be the behavior of Egress rules in a SG on the network?
>
> On Sat, Nov 2, 201
Hi Richard,
thank you for this hint.
I had a look in the database, and yes, all Network Offerings in the
table network_offerings still reference the old System/Disk offering
IDs from disk_offering/system_offering.
Is there an intended way to change
"network_offerings.service_offering_id" for an