Hi Fariborz,

Currently there are no options for action (allow/deny) for each rule; all rules are allowed. I think it is a good feature to support action (allow/deny) and rule number (so rules are ordered) in security group rules, like the network ACL in VPC.
https://docs.cloudstack.apache.org/en/latest/adminguide/networking/virtual_private_cloud_config.html#creating-an-acl-rule
Can you create a GitHub issue for the improvement?

-Wei

On Mon, 27 Nov 2023 at 23:20, Fariborz Navidan <[email protected]> wrote:

> Hello,
>
> As of CS 4.15, in security groups all inbound traffic is blocked by
> default. As a result, to allow all incoming traffic to VMs, we need to add
> an ingress rule with the protocol specified as "All" and CIDR specified as
> "0.0.0.0/0". Is it possible to allow all incoming traffic except specific
> protocols or CIDRs to block specific protocols/CIDRs?
>
> Regards.
>
