It's something I have been toying with. Basically it's a standard app/db setup where the app servers would reside in a DMZ and the db servers would sit in a trusted network. We need to limit the traffic going between the app and the db servers in advanced networking. So currently the db and app servers have their own separate networks (VLANs) and their own virtual routers. I was thinking of different ways to limit the traffic from app to db to be permitted on specific ports.

-----Original Message-----
From: Anthony Xu [mailto:xuefei...@citrix.com]
Sent: Wednesday, May 09, 2012 4:33 PM
To: cloudstack-dev@incubator.apache.org
Subject: RE: domr iptables rules

It is better to do it through the API. CloudStack already provides several APIs for customers to add ACLs for the customer network. What kind of rules do you want to add? Can you do it through the current API? Or what kind of API would you like to add?

Anthony

> -----Original Message-----
> From: Clayton Weise [mailto:cwe...@iswest.net]
> Sent: Wednesday, May 09, 2012 4:26 PM
> To: 'cloudstack-dev@incubator.apache.org'
> Subject: RE: domr iptables rules
>
> As a dirty hack would it be possible to create an init script which
> added these custom rules when the domr boots?
>
> -----Original Message-----
> From: Anthony Xu [mailto:xuefei...@citrix.com]
> Sent: Wednesday, May 09, 2012 12:21 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: domr iptables rules
>
> Iptables rules are not persistent inside domr; CloudStack sends commands
> to domr to generate rules on demand.
> So if you reboot domr, some rules may not come back. But if you reboot
> domr through the CloudStack UI, all rules should come back; CloudStack will
> send commands to program the rules again.
>
> Anthony
>
> > -----Original Message-----
> > From: Clayton Weise [mailto:cwe...@iswest.net]
> > Sent: Wednesday, May 09, 2012 10:09 AM
> > To: 'cloudstack-dev@incubator.apache.org'
> > Subject: domr iptables rules
> >
> > Where are these kept? After rebooting a virtual router not all of the
> > firewall rules came back. Also, I wanted to manually add a few things
> > and I was curious where I could do it and have those rules retained
> > when the domr reboots.
> >
> > Thanks