Hi Varun, Not sure if I follow your use case – the VR is built to provide services to VMs on the internal isolated network / VPC tier, the public interface is there for port forwarding / NATing to services hosted on the VMs. Hosting DHCP on the VR for clients on the public interface isn’t a supported use case – anything on the public interface is by definition considered untrusted.
I may have misunderstood you though? Regards, Dag Sonstebo Cloud Architect ShapeBlue On 07/03/2018, 03:21, "Kumar, Varun" <varku...@virtela.net> wrote: Thanks Dag. I am running into a scenario where a VR is required for dhcp service on the public Internet facing vlan and want to restrict connections to known trusted sources only. Has anyone in the community run into such a situation before and found a workaround ? Thanks, Varun -----Original Message----- From: Dag Sonstebo [mailto:dag.sonst...@shapeblue.com] Sent: Tuesday, March 06, 2018 05:41 PM To: firstname.lastname@example.org Subject: Re: Iptables on Virtual router EXTERNAL EMAIL Hi Varun, No there’s no method for this, all firewall rules for the VR are contained in the CloudStack database and written on demand when the VR is created or firewall changes made. Regards, Dag Sonstebo Cloud Architect ShapeBlue On 06/03/2018, 11:56, "Kumar, Varun" <varku...@virtela.net> wrote: Hello, Is it possible to write custom iptables on the Virtual router that's created by cloudstack and make it persistent across restarts ? It looks like /etc/iptables/router_rules.v4 on the VR is the file that's being created but I am looking for the script that creates this file. Any insight is appreciated. Thanks, Varun dag.sonst...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue dag.sonst...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue