Yes, egress firewall default action is 'BLOCK'. Here is a nice blog from Radhika http://writersopendiary.wordpress.com/2013/05/27/egress-firewall-rules-in-a pache-cloudstack/
On 27/06/13 2:21 PM, "WXR" <474745...@qq.com> wrote: >By the way , when I select the default guestnetworkwithsourceNAT and >create an instance,the vm can not access to the Internet,is this a >default setting?how can I let the vm access the Internet? > > > > >------------------ Original ------------------ >From: "Murali Reddy"<murali.re...@citrix.com>; >Date: Thu, Jun 27, 2013 04:46 PM >To: "users@cloudstack.apache.org"<users@cloudstack.apache.org>; > >Subject: Re: How to create a network offering without firewall? > > > > >Also, by default all the ports that will be used by edge services are >blocked by iptable config in the router VM templates. They needed to be >opened explicitly with firewall rules. > >On 27/06/13 2:08 PM, "Jayapal Reddy Uradi" <jayapalreddy.ur...@citrix.com> >wrote: > >>With out firewall provider you can't have sourceNAT and static NAT >>services because these services are provided by firewall provider only. >> >>Thanks, >>Jayapal >> >>On 27-Jun-2013, at 1:35 PM, WXR <474745...@qq.com> >> wrote: >> >>> If I create a new network offering and check >>>dns,dhcp,userdata,sourceNAT,staticNAT,not check the firewall service.But >>>the firewall will be added into it automatically. >>> I don't need the firewall service ,how can I create a network offering >>>without firewall? >> >> > > >.