Re: [I] Support ACL based on Domain/URL instead of IP [cloudstack]
DaanHoogland commented on issue #8917: URL: https://github.com/apache/cloudstack/issues/8917#issuecomment-2059305975 Yes @btzq , there is, as described above, but the programming needs to be done on the VR. I am just saying it is not a trivial job. It is certainly possible. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] Support ACL based on Domain/URL instead of IP [cloudstack]
btzq commented on issue #8917: URL: https://github.com/apache/cloudstack/issues/8917#issuecomment-2059117638 We got this idea on some enterprise firewalls like PFSense. Is there no way to achieve a similar result? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] Support ACL based on Domain/URL instead of IP [cloudstack]
DaanHoogland commented on issue #8917: URL: https://github.com/apache/cloudstack/issues/8917#issuecomment-2058290870 As ACLs are implemented using iptables there is not a trivial way to implement this. The VR will have to use ipset and dig/nslookup to create sets of ips from domain names and (re)apply those. It will be hard to make this relyable if users try to change those on the fly, or reorder them. There also needs to be a mechanism to update them automatically as DNS entruies for them may change out of bounds. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] Support ACL based on Domain/URL instead of IP [cloudstack]
btzq opened a new issue, #8917: URL: https://github.com/apache/cloudstack/issues/8917 # ISSUE TYPE * Improvement Request # COMPONENT NAME ~~~ Improvement Request (Functionality) ~~~ # CLOUDSTACK VERSION ~~~ 4.19 ~~~ # CONFIGURATION N/A # OS / ENVIRONMENT N/A # SUMMARY Note: This ticket is broken down as requested from the origianl post, https://github.com/apache/cloudstack/issues/8841 **Support ACL based on Domain/URL instead of IP** - As a company, sometimes i would like to block access to specific sites (eg. google drive), which is based on domain. - But i am unable to do so because, ACL Rules are based on explicitly specifying the IP address. - Specifying the IP address/range of the intended website will be tedious and non-practical. # STEPS TO REPRODUCE N/A ~~~ N/A ~~~ # EXPECTED RESULTS ~~~ To be able to manage ACL Rules more easily for enterprise use cases. ~~~ # ACTUAL RESULTS ~~~ Unable to effectively block access to certain sites using URL/Domain ~~~ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org