After deploying ACS 4.17.2 with XCP-NG and Security groups we noticed that by default egress port 53 is always allowed. Is there a way to deny that?
At first we thought it was allowed in the user network because the network provider supported DNS service. However after removing the DNS service and rebuilding the network the port is still open. Another issue unrelated to the topic but I thought it may be a bug. Error pops when creating a new instance via the GUI and specifying IP address. the message is "Unable to start a VM due to insufficient address capacity" However when starting an instance without specifying address works properly. After some investigation it seems that the IP address value is not passed properly. For example: If the network is 172.20.0.0/16 and we pass a value for the instance of 172.20.0.25 the management-server.log reports that the value passed is 172.20.0.2 which is not valid. Regards, Jordan
