If I understand your use case correctly, security groups can probably be used to satisfy your goal with Neutron.
Groups of isolated VMs in the same network can be assigned to different security groups. Traffic among different groups will be dropped unless enabled by a specific security group rule.

Still, I am not sure if this is your goal - as you wrote that you want to forbid traffic between VMs and floating IPs, you might be trying to achieve something different.

Salvatore

On 7 July 2015 at 18:38, Marco Mariani <marco.mariani at alterway.fr> wrote:

> Hi,
>
> I'm using Neutron+VLAN. Is it possible to isolate VMs in the same tenant
> network, and filter traffic according to security rules?
>
> In my understanding the allow_same_net_traffic in nova.conf only affects
> nova-network and not Neutron behavior.
>
> On the same note, I'd like to forbid traffic between VMs and floating
> IPs, even if there is a router that allows egress traffic to the Internet...
>
> Thanks
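
The approach described in the reply above, as an added example that is not part of the original thread: with the `openstack` CLI, each set of VMs gets its own security group that accepts ingress only from its own members, and one cross-group flow is opened explicitly. The group and server names (`web`, `db`, `vm-web-1`), the port, and the `OPENSTACK` override variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: split VMs on one Neutron network into isolated security groups.
# Names below are constructed; OPENSTACK may point at a wrapper or a dry-run stub.
OPENSTACK="${OPENSTACK:-openstack}"

# Create a group whose members accept traffic only from members of the same group.
# A newly created group carries egress-allow rules and no ingress rules, so
# nothing reaches its members until an ingress rule is added.
create_isolated_group() {  # create_isolated_group GROUP
    local group="$1"
    $OPENSTACK security group create "$group" \
        --description "isolated set: $group" || return 1
    local ethertype
    for ethertype in IPv4 IPv6; do
        $OPENSTACK security group rule create --ingress \
            --ethertype "$ethertype" --protocol any \
            --remote-group "$group" "$group" || return 1
    done
}

# Open one specific flow between two otherwise isolated groups:
# members of SRC_GROUP may reach PORT/PROTOCOL on members of DST_GROUP.
allow_between() {  # allow_between SRC_GROUP DST_GROUP PROTOCOL PORT
    $OPENSTACK security group rule create --ingress --ethertype IPv4 \
        --protocol "$3" --dst-port "$4" --remote-group "$1" "$2"
}

# Put a server into a group and take it out of the tenant's "default" group,
# whose stock rules let every member of "default" reach every other member.
assign_server() {  # assign_server SERVER GROUP
    $OPENSTACK server add security group "$1" "$2" || return 1
    $OPENSTACK server remove security group "$1" default
}

# Typical sequence (constructed names):
#   create_isolated_group web
#   create_isolated_group db
#   allow_between web db tcp 5432
#   assign_server vm-web-1 web
```

A server left in `default` as well as its new group still accepts traffic from every other `default` member, because security group rules are additive.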