Hi Wei,

I will create an issue for this on GitHub. This feature allows us to provide a basic firewall on a per-VM basis to our customers.

Regards.

On Tue, 28 Nov 2023, 11:11 Wei ZHOU, <[email protected]> wrote:

> Hi Fariborz,
>
> Currently there are no options for action (allow/deny) for each rule; all rules are allowed.
> I think it is a good feature to support action (allow/deny) and rule number (so rules are ordered) in security group rules, like the network ACL in VPC.
>
> https://docs.cloudstack.apache.org/en/latest/adminguide/networking/virtual_private_cloud_config.html#creating-an-acl-rule
>
> Can you create a GitHub issue for the improvement?
>
> -Wei
>
> On Mon, 27 Nov 2023 at 23:20, Fariborz Navidan <[email protected]> wrote:
>
> > Hello,
> >
> > As of CS 4.15, in security groups all inbound traffic is blocked by default. As a result, to allow all incoming traffic to VMs, we need to add an ingress rule with the protocol specified as "All" and CIDR specified as "0.0.0.0/0". Is it possible to allow all incoming traffic except specific protocols or CIDRs to block specific protocols/CIDRs?
> >
> > Regards.
