[Openstack-operators] how to filter outgoing VM traffic in icehouse
Kevin Bringard (kevinbri)
kevinbri at cisco.com
Wed May 13 21:46:52 UTC 2015
Specifically, look at neutron security-group-rule-create:
usage: neutron security-group-rule-create [-h] [-f {shell,table}] [-c
COLUMN]
[--variable VARIABLE]
[--prefix PREFIX]
[--request-format {json,xml}]
[--tenant-id TENANT_ID]
[--direction {ingress,egress}]
[--ethertype ETHERTYPE]
[--protocol PROTOCOL]
[--port-range-min PORT_RANGE_MIN]
[--port-range-max PORT_RANGE_MAX]
[--remote-ip-prefix
REMOTE_IP_PREFIX]
[--remote-group-id REMOTE_GROUP]
SECURITY_GROUP
The --direction option is what you're looking for. You may need to remove
a default egress rule... I think by default it allows everything.
On 5/13/15, 3:39 PM, "Abel Lopez" <alopgeek at gmail.com> wrote:
>Yes, you can define egress security group rules.
>
>> On May 13, 2015, at 2:32 PM, Gustavo Randich
>><gustavo.randich at gmail.com> wrote:
>>
>> Hi,
>>
>> Is there any way to filter outgoing VM traffic in Icehouse, preferably
>>using security groups? I.e. deny all traffic except to certain IPs
>>
>> Thanks!
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
More information about the OpenStack-operators
mailing list