I am using Advanced Networking mode. I want to block some destination CIDRs (Egress) for some VM instances. I have currently one shared guest network with default egress allowed. I want to create another shared network with default egress denied so I can explicitly allow all outbound traffic except those CIDRs.
When you create a new Network Offering, the UI does not have any option to choose the default Egress rule, and it is dictated by zone settings.

On Tue, Nov 5, 2019 at 1:15 AM Riepl, Gregor (SWISS TXT) <[email protected]> wrote:

> Hi Fariborz,
>
> Sorry, I don't quite understand what you're referring to.
>
> For Advanced Networking with a virtual router, you have to create egress
> rules yourself, using
> https://cloudstack.apache.org/api/apidocs-4.11/apis/createEgressFirewallRule.html
> or the UI. The same applies to VPCs.
>
> On Basic Networks, you should be able to use SecurityGroups:
>
> http://docs.cloudstack.apache.org/en/latest/adminguide/networking/security_groups.html
>
> The Security Group APIs are separate from the Instance APIs, so you can
> create your SG, apply egress rules, then apply the SG to the instance via
> the deployVirtualMachine securitygroupnames parameter.
>
> Which kind of network are you using?
>
> Regards,
> Gregor
> ________________________________
> From: Fariborz Navidan <[email protected]>
> Sent: 04 November 2019 18:38
> To: [email protected] <[email protected]>
> Subject: Change default egresss rule
>
> Hello,
>
> When creating a new network, there is no option to choose the default egress
> rule. How can we change it before creating a VM on that network?
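Added example, not part of the thread or of CloudStack's own code: on a default-deny egress network, "allow everything except these CIDRs" has to be expressed as allow rules for the complement of the blocked ranges, which the sketch below computes. The network id is a placeholder, the blocked ranges are constructed sample input, and the `destcidrlist` parameter name is an assumption to check against the createEgressFirewallRule documentation for your version.

```python
import ipaddress

def allowed_egress_cidrs(blocked, universe="0.0.0.0/0"):
    """CIDRs covering `universe` minus every blocked destination CIDR."""
    allowed = [ipaddress.ip_network(universe)]
    # Collapse first so overlapping or adjacent blocked entries are handled once.
    blocked_nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in blocked)
    for b in blocked_nets:
        remaining = []
        for net in allowed:
            if not b.overlaps(net):
                remaining.append(net)        # untouched by this blocked entry
            elif b.supernet_of(net):
                continue                     # entirely blocked, drop it
            else:
                remaining.extend(net.address_exclude(b))  # carve b out of net
        allowed = remaining
    return sorted(ipaddress.collapse_addresses(allowed))

def egress_rule_params(network_id, blocked):
    """One createEgressFirewallRule parameter set per allowed destination CIDR."""
    return [
        {
            "command": "createEgressFirewallRule",
            "networkid": network_id,
            "protocol": "all",
            "destcidrlist": str(net),  # assumed parameter name, check your API version
        }
        for net in allowed_egress_cidrs(blocked)
    ]

if __name__ == "__main__":
    # Constructed sample input: placeholder network id and example blocked ranges.
    for params in egress_rule_params("NETWORK-UUID-PLACEHOLDER",
                                     ["10.0.0.0/8", "192.168.0.0/16"]):
        print(params)
```

Each additional blocked range splits one allowed block into several, so the rule count grows with the block list; review the generated list before applying it.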
