Hi Eric,

On Sun, Aug 28, 2016 at 2:50 AM, Eric Ripa <[email protected]> wrote:
> 1) By default outgoing traffic is allowed. It seems like I need to explicitly
> block every port/protocol if I want to block outgoing traffic. Is it somehow
> possible to block all outgoing traffic with exceptions (and possibly being
> stateful)?

There's no way to say "block everything, except for what these additional
rules allow", currently. What you can do though is make use of port ranges to
block several different ranges. So, for example:

    FROM vm <uuid> TO any BLOCK ports 1-79, 81-442, 444-65535

Would allow outbound connections to ports 80 and 443.

> 2) Are fwadm rules supposed to work for lx branded zones? I cannot seem to
> get them working, they get added and are enabled. But the rules are not
> applied, see below. (the 722b…. zone is a SmartOS zone where rules are
> working)
>
>
> # fwadm list
> UUID                                 ENABLED RULE
> 692b5409-3616-4f68-b140-7fc2af6b1884 true    FROM vm
> 722b3073-e771-6217-cc5d-a30f4fdd7ff3 TO vm
> 23d8f7a0-6451-623c-dc9a-b5e46314f7ed ALLOW tcp PORT 8080
>
> # fwadm vms 692b5409-3616-4f68-b140-7fc2af6b1884
> 23d8f7a0-6451-623c-dc9a-b5e46314f7ed

Is the vm 722b3073-e771-6217-cc5d-a30f4fdd7ff3 on the same SmartOS box? If it
isn't, then fwadm won't know what addresses to use to generate the rule.

- Cody
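
Added example, not part of the original message and not fwadm's own code: a small Node.js helper that computes the complement port ranges for an egress allow-list, so the "block everything except 80 and 443" rule above does not have to be worked out by hand. The function names are hypothetical, and the rule wording is copied from the reply rather than checked against fwadm's rule grammar.

```javascript
'use strict';

const MIN_PORT = 1;
const MAX_PORT = 65535;

// Return the port ranges to BLOCK so that only the ports in `allowed`
// remain reachable, formatted like "1-79, 81-442, 444-65535".
function blockRanges(allowed) {
  for (const p of allowed) {
    if (!Number.isInteger(p) || p < MIN_PORT || p > MAX_PORT) {
      throw new RangeError(`invalid port: ${p}`);
    }
  }
  // De-duplicate and sort numerically (default sort is lexicographic).
  const ports = [...new Set(allowed)].sort((a, b) => a - b);

  const ranges = [];
  let next = MIN_PORT; // lowest port not yet accounted for
  for (const p of ports) {
    if (p > next) ranges.push([next, p - 1]); // gap below an allowed port
    next = p + 1;                             // adjacent ports leave no gap
  }
  if (next <= MAX_PORT) ranges.push([next, MAX_PORT]);

  return ranges
    .map(([lo, hi]) => (lo === hi ? `${lo}` : `${lo}-${hi}`))
    .join(', ');
}

// Build the rule text in the form used in the reply above.
// Assumption: the wording is taken verbatim from that message; confirm it
// (including any protocol keyword) against fwadm on the target system.
function egressBlockRule(vmUuid, allowed) {
  const ranges = blockRanges(allowed);
  if (ranges === '') {
    throw new Error('every port is allowed; nothing to block');
  }
  return `FROM vm ${vmUuid} TO any BLOCK ports ${ranges}`;
}

// Constructed sample input: the allow-list from the reply.
console.log(egressBlockRule('<uuid>', [80, 443]));
```

Adjacent allowed ports (for example 80 and 81) and ports at either end of the range (1 or 65535) produce no empty or inverted ranges.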
