Posted to users@cloudstack.apache.org by Admin - Bigsys IT <ad...@bigsys.com.br> on 2023/10/23 17:31:24 UTC

IPS aliases in firewall rules

Hello everyone!


In ACS, is it possible to register aliases with IPs from different networks
and then link one or more firewall rules to these aliases?

The goal is to not have to duplicate the same rules [protocol + ports] for
different source IPs.

When working with Cloudflare, for example, this feature would help a lot,
as Cloudflare works with multiple IPs from different regions of the world,
which need to be released in each client's firewall.


regards,


Murilo Moura

Re: IPS aliases in firewall rules

Posted by Bryan Lima <br...@scclouds.com.br>.
Hello, Murilo

Regarding the duplication of network rules, currently, ACS does not have
this functionality, as every VPC needs its own Access Control List
(ACL). However, there is a PR [1] in development that allows users to
create a global ACL, and use it in multiple VPCs, similar to the default
ones (*default_allow* and *default_deny*), eliminating the need to
duplicate ACL rules across VPCs.

Best regards,
Bryan

[1]: https://github.com/apache/cloudstack/pull/7150

On 23/10/2023 14:31, Admin - Bigsys IT wrote:
> Hello everyone!
>
>
> In ACS, is it possible to register aliases with IPs from different networks
> and then link one or more firewall rules to these aliases?
>
> The goal is to not have to duplicate the same rules [protocol + ports] for
> different source IPs.
>
> When working with Cloudflare, for example, this feature would help a lot,
> as Cloudflare works with multiple IPs from different regions of the world,
> which need to be released in each client's firewall.
>
>
> regards,
>
>
> Murilo Moura