On this same note: Is there currently a way to add DROP rules to the VR firewall? I know you can add a default allow egress policy and block specific things, but that doesn't help for incoming threats.
For instance if you want to allow public access to a web server (port 80), but want to block a particular attacker's IP or subnet. Right now you have to set up a second level firewall on the VM itself for this.

Would it be feasible to add a "Deny" option to the firewall API?

Thank You,

Logan Barfield
Tranquil Hosting

On Mon, Dec 15, 2014 at 11:49 PM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:

> +1
>
> When there is a large set of rules, it will be useful.
>
> Thanks,
> Jayapal
>
> On 16-Dec-2014, at 4:17 AM, Logan Barfield <lbarfi...@tqhosting.com> wrote:
>
> > Currently in the UI and API it can be difficult to tell what exactly a
> > particular firewall rule is being used for. I know that it is currently
> > possible to add "tags" to firewall rules, but that seems suboptimal from an
> > ease-of-use standpoint.
> >
> > Would it be feasible to add a "comment" or "description" field for firewall
> > rules in advanced zones? It could be added as an extra DB column, and
> > appear in the UI and listFirewallRules API call (unless it's left blank).
> > In theory the description/comment could also be added to the IPtables rule
> > on the VR.
> >
> > This could probably also be applied to security groups.
> >
> > Thoughts, comments?