Hi,

I am looking at the docs in here:

https://wiki.openstack.org/wiki/Neutron/SecurityGroups

and I find:

> For egress traffic: Only traffic matched with security group rules are allowed.

So we currently have the default security group rule allowing all traffic to everywhere.

We would like to prevent egress traffic from our VMs into a couple of internally reachable subnets in our deployment. Is there a way to achieve this in OpenStack?

Many thanks,

Sebastian