Varun,

If you're talking about allowing access to VMs behind VR from specific
Internet sources, that is as simple as adding source in firewall (by
clicking on public IP of network or VM) at cloud-stack level where you
define TCP/UDP protocol and port number etc.  I know this is very simple,
but just thought I would mention it  anyways.



--
Makrand


On Wed, Mar 7, 2018 at 8:51 AM, Kumar, Varun <varku...@virtela.net> wrote:

> Thanks Dag.
>
> I am running into a scenario where a VR is required for dhcp service on
> the public Internet facing vlan and want to restrict connections to known
> trusted sources only.
>
> Has anyone in the community run into such a situation before and found a
> workaround ?
>
> Thanks,
> Varun
>
>
> -----Original Message-----
> From: Dag Sonstebo [mailto:dag.sonst...@shapeblue.com]
> Sent: Tuesday, March 06, 2018 05:41 PM
> To: users@cloudstack.apache.org
> Subject: Re: Iptables on Virtual router
>
> EXTERNAL EMAIL
>
> Hi Varun,
>
> No there’s no method for this, all firewall rules for the VR are contained
> in the CloudStack database and written on demand when the VR is created or
> firewall changes made.
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 06/03/2018, 11:56, "Kumar, Varun" <varku...@virtela.net> wrote:
>
>     Hello,
>
>     Is it possible to write custom iptables  on the Virtual router that's
> created by cloudstack  and make it persistent across restarts ?
>
>     It looks like /etc/iptables/router_rules.v4  on the VR is the file
> that's being created  but I am looking for the script that creates this
> file.
>
>     Any insight is appreciated.
>
>     Thanks,
>     Varun
>
>
>
>
> dag.sonst...@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

Reply via email to