Specifically, look at neutron security-group-rule-create:
usage: neutron security-group-rule-create [-h] [-f {shell,table}] [-c
COLUMN]
[--variable VARIABLE]
[--prefix PREFIX]
[--request-format {json,xml}]
[--tenant-id TENANT_ID]
[--direction {ingress,egress}]
[--ethertype ETHERTYPE]
[--protocol PROTOCOL]
[--port-range-min PORT_RANGE_MIN]
[--port-range-max PORT_RANGE_MAX]
[--remote-ip-prefix
REMOTE_IP_PREFIX]
[--remote-group-id REMOTE_GROUP]
SECURITY_GROUP
The --direction option is what you're looking for. You may need to remove
a default egress rule... I think by default it allows everything.
On 5/13/15, 3:39 PM, "Abel Lopez" <[email protected]> wrote:
>Yes, you can define egress security group rules.
>
>> On May 13, 2015, at 2:32 PM, Gustavo Randich
>><[email protected]> wrote:
>>
>> Hi,
>>
>> Is there any way to filter outgoing VM traffic in Icehouse, preferably
>>using security groups? I.e. deny all traffic except to certain IPs
>>
>> Thanks!
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> [email protected]
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
_______________________________________________
OpenStack-operators mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
