Hi Pratik,

You probably want to create a new custom ACL list and add your own ACL rules. Go to the tier and replace the ‘default_allow’ ACL list with the new one.

-Jithin

From: Pratik Chandrakar <[email protected]>
Date: Wednesday, 17 May 2023 at 8:33 AM
To: [email protected] <[email protected]>
Subject: Re: Managing Security between account in Advanced Zone without SG

Hi Loges,
Thanks for the update.

On Wed, May 17, 2023 at 12:59 PM Logeswaran T <[email protected]> wrote:

> Hi Pratik,
>
> We now have a request open in cloudstack github for a VPC ACL issue.
>
> https://github.com/apache/cloudstack/issues/7483
>
> The changes are tracked in this thread.
>
> Regards,
> Loges
> www.stackbill.com<http://www.stackbill.com>
>
> On Wed, May 17, 2023 at 11:28 AM Pratik Chandrakar <[email protected]> wrote:
>
> > Hi all,
> > Curious to know how others are managing isolation between VMs of different
> > accounts in the Advanced Zone without SG deployment, as most users opt for
> > default_allow policy for their VPC. Because of default_allow policy all
> > ports are opened between public ip (static nat) irrespective of VLAN used
> > in VPC. Is there any option to remove default_allow policy for VPC so that
> > it can't be selected or any other method available?
> > Please advise
> >
> > --
> > *Regards,*
> > *Pratik Chandrakar*
>
> *This E-mail is confidential. It may also be legally privileged. If you
> are not the addressee you may not copy, forward, disclose or use any part of
> it. If you have received this message in error, please delete it and all copies
> from your system and notify the sender immediately by return E-mail. Internet
> communications cannot be guaranteed to be timely, secure, error or virus-free.
> The sender does not accept liability for any errors or omissions*

--
*Regards,*
*Pratik Chandrakar*
