CodeBleu commented on issue #8863: URL: https://github.com/apache/cloudstack/issues/8863#issuecomment-2950929370
Not sure if this is the correct place to ask or not, but with my current issue of locking down a Load Balancer in a VPC network, I've run into issues where the VPC network ACL doesn't work for a Load Balancer, and I'm not sure what the expected behavior should be.

If I create or [update source CIDR](https://github.com/apache/cloudstack/pull/10968) of the LB rule, it will restrict based on the source CIDR; however, nothing in the VPC ACL will actually restrict access to my LB. This is completely different behavior from when it's a non-VPC. A non-VPC network will actually use the firewall correctly to restrict the access.

I believe the Load Balancer source CIDR itself should be the first line of defense, and if it is set to (0.0.0.0/0 - default), then the firewall (non-VPC) or ACL (VPC) should be the next line of defense.

Any help in the direction this should go would be much appreciated. I'm needing this to work for the cloudstack-kubernetes-provider so it can set the LB source CIDR on creation, as the creation of the ACLs is not working and just leaves things wide open based on the default source CIDR of the LB being open by default.

@Pearl1594 It appears you last worked on [this](https://github.com/apache/cloudstack-kubernetes-provider/pull/69), and hopefully you can be of some help here.