[Openstack-operators] how to filter outgoing VM traffic in icehouse

Kevin Bringard (kevinbri) kevinbri at cisco.com
Wed May 13 21:46:52 UTC 2015


Specifically, look at neutron security-group-rule-create:

usage: neutron security-group-rule-create [-h] [-f {shell,table}] [-c
COLUMN]
                                          [--variable VARIABLE]
                                          [--prefix PREFIX]
                                          [--request-format {json,xml}]
                                          [--tenant-id TENANT_ID]
                                          [--direction {ingress,egress}]
                                          [--ethertype ETHERTYPE]
                                          [--protocol PROTOCOL]
                                          [--port-range-min PORT_RANGE_MIN]
                                          [--port-range-max PORT_RANGE_MAX]
                                          [--remote-ip-prefix
REMOTE_IP_PREFIX]
                                          [--remote-group-id REMOTE_GROUP]
                                          SECURITY_GROUP

The --direction option is what you're looking for. You may need to remove
a default egress rule... I think by default it allows everything.


On 5/13/15, 3:39 PM, "Abel Lopez" <alopgeek at gmail.com> wrote:

>Yes, you can define egress security group rules.
>
>> On May 13, 2015, at 2:32 PM, Gustavo Randich
>><gustavo.randich at gmail.com> wrote:
>> 
>> Hi,
>> 
>> Is there any way to filter outgoing VM traffic in Icehouse, preferably
>>using security groups? I.e. deny all traffic except to certain IPs
>> 
>> Thanks!
>> 
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>




More information about the OpenStack-operators mailing list