Yes,

I also found that confusing. 

So, I decided to create one ACL per tier, with the same name as the tier.

Since my rules are created by (the fantastic ;) Ansible modules... I can have 
as many as I want, pretty fine-grained.

I have checked that the ACLs and tiers are (still) assigned correctly too. 

So, I don't expect those default ACLs to be in use at all. 

But maybe I am misunderstanding something?!

Since I remember this working before, I have destroyed the environment and I am 
going to re-deploy step by step... see where this breaks.

Regards,
Rafael

On Mon, 2020-10-12 05:53 PM, Rene Moser <m...@renemoser.net> wrote:
> On 12.10.20 17:30, rva...@privaz.io.INVALID wrote:
> > Am I missing something?
> 
> 
> It's been a while but I remember the default egress rule is "allow from 
> all".
> 
> https://docs.cloudstack.apache.org/en/4.14.0.0/adminguide/networking/virtual_private_cloud_config.html?#about-network-acl-lists
> 
> The doc however seems to be inconsistent, the table says "Deny all" for 
> outgoing. I guess this is a typo in the table there.
> 
> Regards
> René