If you do 'ebtables -t nat -L -v -n', you should see the existing rules that are created. It is something like 'only allow this IP to come from this MAC address'; you can easily do an ebtables -I on the chain (if I remember right, the chains are named with the VM name they apply to) for the IP you want to add.
You may know this already...

On Fri, Aug 16, 2013 at 1:54 PM, Marcus Sorensen <shadow...@gmail.com> wrote:
> security groups are managed by the agent calling
> /usr/share/cloudstack-common/scripts/vm/network/security_group.py. You
> may be able to tweak that script, or call it, to have your desired
> result. It IS basically just an ebtables edit.
>
> On Fri, Aug 16, 2013 at 1:51 PM, Kelcey Jamison Damage
> <kel...@backbonetechnology.com> wrote:
>> Well there are rules on the VR for sure, these are not persistent so any
>> alterations will break if rebooted/rebuilt < one of those. And there are
>> rules on the Hosts.
>>
>> The VR is the first place to mess around in.
>>
>> ----- Original Message -----
>> From: "Maurice Lawler" <maurice.law...@me.com>
>> To: dev@cloudstack.apache.org
>> Sent: Friday, August 16, 2013 12:48:00 PM
>> Subject: Re: Easiest Way...
>>
>> I recall it being fairly simple, by adding / removing a rule from the
>> ebtables, so my method of thinking isn't too complex, I was hoping someone on
>> the list could point me in the right direction.
>>
>>
>> On Aug 16, 2013, at 3:41 PM, Kelcey Jamison Damage
>> <kel...@backbonetechnology.com> wrote:
>>
>>> Ok so this would make it very difficult to achieve. With Advanced zones you
>>> have the flexibility to make some of this stuff work. Basic was not
>>> intended for this purpose. Advanced zone with SG enabled would give you the
>>> tools needed to accomplish your goal.
>>>
>>> Also if the secondary subnet is NOT for legacy systems support, then the
>>> VPC service would work as well.
>>>
>>> ----- Original Message -----
>>> From: "Maurice Lawler" <maurice.law...@me.com>
>>> To: dev@cloudstack.apache.org
>>> Cc: kel...@backbonetechnology.com
>>> Sent: Friday, August 16, 2013 12:36:32 PM
>>> Subject: Re: Easiest Way...
>>>
>>> I am not utilizing advanced, I am utilizing basic; which I know can be
>>> done, via editing the ebtables, but I cannot recall how to do this. Yes,
>>> this secondary subnet requires its own gateway.