arrrgh...

Not even the 9999 rule helps once I deploy all my tiers and rules.

Egress just seems broken on VPC in 4.14.

Anybody successfully using Egress/VPC in 4.14?


On Tue, 2020-10-13 09:37 AM, rva...@privaz.io.INVALID wrote:
> Hi Rene,
> 
> I know what you mean now: the "By default, all incoming traffic to
> the guest networks is blocked and all outgoing traffic from guest
> networks is allowed, once you add an ACL rule for outgoing traffic, then
> only outgoing traffic specified in this ACL rule is allowed, the rest is
> blocked."
> 
> This is how I remembered it.
> 
> However, it looks like the last bit (once you add an ACL rule for outgoing 
> traffic...) seems to be implemented in isolated networks but not in VPC tiers.
> 
> I managed to achieve the desired behaviour by adding a:
> 
> 9999 0.0.0.0/0 Egress Deny ALL ALL 
> 
> Rule to my ACLs in VPC tiers, even though there is already another Egress rule 
> present.
> 
> However the Isolated networks that I have do not need it, as they do honour 
> the previous specification.
> 
> I am going to create an issue and see if the team can reproduce this 
> behaviour.
> 
> Regards,
> Rafael
> 
> On Mon, 2020-10-12 05:53 PM, Rene Moser <m...@renemoser.net> wrote:
> > 
> > On 12.10.20 17:30, rva...@privaz.io.INVALID wrote:
> > > Am I missing something?
> > 
> > 
> > It's been a while but I remember the default egress rule is "allow from 
> > all".
> > 
> > https://docs.cloudstack.apache.org/en/4.14.0.0/adminguide/networking/virtual_private_cloud_config.html?#about-network-acl-lists
> > 
> > The doc however seems to be inconsistent, the table says "Deny all" for 
> > outgoing. I guess this is a typo in the table there.
> > 
> > Regards
> > René
> > 
> > 
> > 
> 
