[Openstack] Stop external network to reach instances (Was: Reaching VXLAN tenant networks from outside (without floating IPs))

Mike Spreitzer mspreitz at us.ibm.com
Wed Jul 6 14:37:53 UTC 2016


Turbo Fredriksson <turbo at bayour.com> wrote on 07/06/2016 07:29:48 AM:

> Ok, I managed to get this working as well. Was quite
> simple actually.
> 
> But how do I _STOP_ this from happening?? If there's a root
> user on the [local] network, they can simply add that route.
> But in some cases I'd like to make sure that this DOESN'T work!
> 
> 
> Is there some configuration I can do in either the router or
> in OpenStack to make sure that traffic from the outside can't
> be routed into the instance(s)?
> 
> I'd like that to happen ONLY if there's a floating IP for the
> host..

Floating IP for the host?  Those are usually for the guest.

Have you looked at Neutron's FWaaS?

Regards,
Mike


