This is an automated email from the ASF dual-hosted git repository.
weizhou pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git
The following commit(s) were added to refs/heads/4.20 by this push:
new 5f003697 Clarification of Network ACL rules and Security group rules
(#568)
5f003697 is described below
commit 5f003697d30bd7fec1d27aa0c563356781ce37f6
Author: Wei Zhou <[email protected]>
AuthorDate: Wed Oct 22 11:48:49 2025 +0200
Clarification of Network ACL rules and Security group rules (#568)
---
source/adminguide/networking/security_groups.rst | 5 +++++
source/adminguide/networking/virtual_private_cloud_config.rst | 2 ++
2 files changed, 7 insertions(+)
diff --git a/source/adminguide/networking/security_groups.rst
b/source/adminguide/networking/security_groups.rst
index 241ef1c1..e17a878f 100644
--- a/source/adminguide/networking/security_groups.rst
+++ b/source/adminguide/networking/security_groups.rst
@@ -216,6 +216,11 @@ Adding Ingress and Egress Rules to a Security Group
#. Click Add.
+.. note::
+- If there is no Egress rule in a Security Group, all the outgoing traffic
will be allowed
+- If there are Egress rules in a Security Group, only the outgoing traffic
which match a Egress rule will be allowed
+- Only the incoming traffic which match a Ingress rule will be allowed
+
.. |httpaccess.png| image:: /_static/images/http-access.png
:alt: allows inbound HTTP access from anywhere.
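Review bot: The first two bullets of the added note together mean that adding the first Egress rule flips the group from allow-all to deny-by-default for outgoing traffic, but the note never says so directly. An operator who adds a single Egress rule to permit one destination will cut off all other outbound traffic, so I would state that consequence explicitly, for example "Adding the first Egress rule blocks all outgoing traffic that does not match an Egress rule." Wording nits in the same bullets: "which match a Egress rule" should read "that matches an Egress rule", "a Ingress rule" should be "an Ingress rule", and the bullets should end with periods consistently. Also confirm that in the .rst file the list is indented under ".. note::" with a blank line after the directive, since the lines as shown here put the bullets flush with the directive.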
diff --git a/source/adminguide/networking/virtual_private_cloud_config.rst
b/source/adminguide/networking/virtual_private_cloud_config.rst
index 9edcc5c5..c656128b 100644
--- a/source/adminguide/networking/virtual_private_cloud_config.rst
+++ b/source/adminguide/networking/virtual_private_cloud_config.rst
@@ -355,6 +355,8 @@ Afterwards traffic can be white- or blacklisted.
- ACL rules for ingress and egress are not correlating. For example a
egress "deny all" won't affect traffic in response to an allowed ingress
connection
+- The incoming traffic which does not match any ACL rules will be denied
+- The outgoing traffic which does not match any ACL rules will be allowed
Creating ACLs
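Review bot: The second added bullet documents a default-allow for outgoing traffic while the first documents a default-deny for incoming traffic, and the text does not spell out what that asymmetry means for anyone trying to restrict egress. Since unmatched outgoing traffic is allowed, limiting outbound access requires an explicit egress deny rule, and that is worth saying in the bullet itself, especially next to the existing bullet about an egress "deny all". This default also differs from the Security Group behaviour described in the other file of this commit, where outgoing traffic becomes restricted once any Egress rule exists, so a short cross-reference between the two pages would help readers who use both. Wording nit: "does not match any ACL rules" reads better as "does not match any ACL rule" in both bullets.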