You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Admin - Bigsys IT <ad...@bigsys.com.br> on 2023/10/23 17:31:24 UTC
IPS aliases in firewall rules
Hello everyone!
In ACS, is it possible to register aliases with IPs from different networks
and then link one or more firewall rules to these aliases?
The goal is to not have to duplicate the same rules [protocol + ports] for
different source IPs.
When working with Cloudflare, for example, this feature would help a lot,
as cloudflare works with multiple IPs from different regions of the world
and which need to be released in each client's firewall.
regards,
Murilo Moura
Re: IPS aliases in firewall rules
Posted by Bryan Lima <br...@scclouds.com.br>.
Hello, Murilo
Regarding the duplicate of network rules, currently, ACS does not have
this functionality, as every VPC needs its own Access Control List
(ACL). However, there is a PR [1] in development that allows users to
create a global ACL, and use it in multiple VPCs, similar to the default
ones (*default_allow* and *default_deny*), eliminating the need to
duplicate ACL rules across VPCs.
Best regards,
Bryan
[1]: https://github.com/apache/cloudstack/pull/7150
On 23/10/2023 14:31, Admin - Bigsys IT wrote:
> Hello everyone!
>
>
> In ACS, is it possible to register aliases with IPs from different networks
> and then link one or more firewall rules to these aliases?
>
> The goal is to not have to duplicate the same rules [protocol + ports] for
> different source IPs.
>
> When working with Cloudflare, for example, this feature would help a lot,
> as cloudflare works with multiple IPs from different regions of the world
> and which need to be released in each client's firewall.
>
>
> regards,
>
>
> Murilo Moura