Varun,

If you're talking about allowing access to VMs behind the VR from specific Internet sources, that is as simple as adding the source in the firewall (by clicking on the public IP of the network or VM) at the CloudStack level, where you define the TCP/UDP protocol, port number, etc. I know this is very simple, but just thought I would mention it anyway.
--
Makrand

On Wed, Mar 7, 2018 at 8:51 AM, Kumar, Varun <[email protected]> wrote:

> Thanks Dag.
>
> I am running into a scenario where a VR is required for dhcp service on
> the public Internet facing vlan and want to restrict connections to known
> trusted sources only.
>
> Has anyone in the community run into such a situation before and found a
> workaround?
>
> Thanks,
> Varun
>
>
> -----Original Message-----
> From: Dag Sonstebo [mailto:[email protected]]
> Sent: Tuesday, March 06, 2018 05:41 PM
> To: [email protected]
> Subject: Re: Iptables on Virtual router
>
> EXTERNAL EMAIL
>
> Hi Varun,
>
> No there’s no method for this, all firewall rules for the VR are contained
> in the CloudStack database and written on demand when the VR is created or
> firewall changes made.
>
> Regards,
> Dag Sonstebo
> Cloud Architect
> ShapeBlue
>
> On 06/03/2018, 11:56, "Kumar, Varun" <[email protected]> wrote:
>
>     Hello,
>
>     Is it possible to write custom iptables on the Virtual router that's
>     created by cloudstack and make it persistent across restarts?
>
>     It looks like /etc/iptables/router_rules.v4 on the VR is the file
>     that's being created but I am looking for the script that creates this
>     file.
>
>     Any insight is appreciated.
>
>     Thanks,
>     Varun
>
>
> [email protected]
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue
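Because the VR's rules are regenerated from the CloudStack database, a read-only check of the generated rules file is one way to confirm that source restrictions added through CloudStack firewall rules took effect. The following is an added example, not code from this thread or from CloudStack; the sample rules, the public interface name `eth2`, and the trusted CIDRs are assumptions.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not copied from a real VR).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth2 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -i eth2 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -s 203.0.113.7/32 -i eth2 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -i eth2 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
COMMIT
"""

# Assumed list of trusted sources (documentation address ranges).
TRUSTED = ["198.51.100.0/24", "203.0.113.0/24"]


def untrusted_accepts(rules_text, trusted_cidrs, public_if="eth2"):
    """Return (dport, source) for every ACCEPT rule on public_if whose
    source is absent, negated, or not inside one of trusted_cidrs."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies, COMMIT
        tok = shlex.split(line)
        # Map each option flag to the token that follows it.
        opts = {tok[i]: tok[i + 1]
                for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("-j") != "ACCEPT" or opts.get("-i") != public_if:
            continue
        src = opts.get("-s", "0.0.0.0/0")  # no -s means any source
        net = ipaddress.ip_network(src, strict=False)
        # A negated match ("!") cannot be judged by containment; flag it.
        if "!" in tok or not any(net.subnet_of(t) for t in trusted):
            findings.append((opts.get("--dport", "any"), src))
    return findings


if __name__ == "__main__":
    for dport, src in untrusted_accepts(SAMPLE_RULES, TRUSTED):
        print(f"port {dport}: open to {src}")
```

Any finding is corrected in the CloudStack firewall rule for that public IP rather than on the VR, since manual edits to the file do not persist.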
