You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by Benjamin Naber <be...@coders-area.de> on 2018/02/02 10:06:43 UTC

Network ACL Lists

Hi @all,

is there any way, to create Network ACL Lists that global accessable ?

Kind Reagrds 

Benjamin

Re: Network ACL Lists

Posted by da...@zv.fraunhofer.de.

Hi Benjamin, Hi Dag,

I think, in some environment that could make perfect sense.

We are using the software in a private cloud environment and have some centrally managed lists of IP networks which are allowed to access internal services.

Right now, every service using our private cloud has to maintain those ACLs on their own (>>200 rule entries). We've written and provided a Python tool that allows the customer to manage both their ACL entries and firewall entries (for IP addresses in a non-VPC network), which automatically inserts and regularly updates those "Intranet list". It would be great to have them defined globally once, such that each customer can rely on us to update the ACL accordingly.

But Benjamin: As of now, I don't think there is such a functionality in CS.

Regards
Daniel

-- 
Daniel Herrmann
Network Engineer – Fraunhofer Private Cloud
CCIE #55056 (Routing and Switching)
Cisco CCDP, CCIP; Fluke CCTT
 
Fraunhoferstraße 5, 64283 Darmstadt
Tel.: +49 6151 155346
Mail: daniel.herrmann@zv.fraunhofer.de
 
On 02.02.18, 11:59, "Dag Sonstebo" <Da...@shapeblue.com> wrote:

    Hi Benjamin,
    
    Not to my knowledge – that would be a security issue in itself since you would then announce to any user what ACL rules are in place for other users. 
    
    Regards,
    Dag Sonstebo
    Cloud Architect
    ShapeBlue
    
    On 02/02/2018, 10:06, "Benjamin Naber" <be...@coders-area.de> wrote:
    
        Hi @all,
        
        is there any way, to create Network ACL Lists that global accessable ?
        
        Kind Reagrds 
        
        Benjamin
        
    
    
    Dag.Sonstebo@shapeblue.com 
    www.shapeblue.com
    53 Chandos Place, Covent Garden, London  WC2N 4HSUK
    @shapeblue

Re: Network ACL Lists

Posted by Dag Sonstebo <Da...@shapeblue.com>.

Hi Benjamin,

Not to my knowledge – that would be a security issue in itself since you would then announce to any user what ACL rules are in place for other users. 

Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 02/02/2018, 10:06, "Benjamin Naber" <be...@coders-area.de> wrote:

    Hi @all,
    
    is there any way, to create Network ACL Lists that global accessable ?
    
    Kind Reagrds 
    
    Benjamin
    


Dag.Sonstebo@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue