You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Nux! <nu...@li.nux.ro> on 2014/02/14 16:03:29 UTC

How to modify the (global) default securitygroup?

Hello,

In the light of recent UDP based attacks (NTP/DNS/SNMP 
reflection/amplification) I was thinking to hack the global default 
security group so that at least NTP and SNMP are protected in the whole 
cloud. By default the security groups come with everything blocked on 
ingress and all accepted on egress, I'd like to tune this a bit, have 
some ports open by default and some blocked.

Any suggestions?

Lucian

-- 
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro