Posted to users@cloudstack.apache.org by Florent Paillot <fl...@inria.fr> on 2019/11/04 16:01:05 UTC

Security Groups default behavior

Hello,
I'm looking for the default behavior for Security Groups when using a shared network with SG support. Can't find it in the docs.
Are two VMs in the same SG implicitly allowed to communicate with each other?

Maybe I'm wrong, but it seemed to be the case with 4.9.3 (KVM) but not anymore with 4.11.3 (KVM).

Thanks 



Re: Security Groups default behavior

Posted by Florent Paillot <fl...@inria.fr>.
Hi Paul,
Thanks for your quick answer!

Florent


----- Original Message -----
> From: "Paul Angus" <pa...@shapeblue.com>
> To: "users" <us...@cloudstack.apache.org>
> Sent: Monday, 4 November 2019 18:20:11
> Subject: RE: Security Groups default behavior

> Hi Florent,
> 
> No, two VMs in the same security group will have the same rules applied to them.
> So if they both allow outbound port 22, they won't be able to talk over SSH,
> as neither allows inbound SSH.
> 
> If your network was created with a default allow, then they will be able to
> communicate over all ports until you start applying rules to them.
> 
> Paul.
> 
> paul.angus@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London WC2E 9DP, UK
> @shapeblue
>  
> 
> 
> 

RE: Security Groups default behavior

Posted by Paul Angus <pa...@shapeblue.com>.
Hi Florent,

No, two VMs in the same security group will have the same rules applied to them.  So if they both allow outbound port 22, they won't be able to talk over SSH, as neither allows inbound SSH.

If your network was created with a default allow, then they will be able to communicate over all ports until you start applying rules to them.

Paul.

paul.angus@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London WC2E 9DP, UK
@shapeblue
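
The behaviour described in the reply above, as an added example that is not part of the original thread or of CloudStack's code: a simplified Python model in which two VMs share one security group. The `Rule`, `SecurityGroup` and `can_connect` names are hypothetical, and the handling of the network default follows the reply's description, not CloudStack's implementation.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    protocol: str
    start_port: int
    end_port: int
    peer: str  # name of the security group allowed as the other end of the flow

    def matches(self, protocol, port, peer_group):
        return (self.protocol == protocol and self.peer == peer_group
                and self.start_port <= port <= self.end_port)

@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)

    def permits(self, direction, protocol, port, peer_group, default_allow):
        # Assumption taken from the reply: the network default only applies
        # while the group has no rules at all.
        if not self.ingress and not self.egress:
            return default_allow
        rules = self.ingress if direction == "ingress" else self.egress
        return any(r.matches(protocol, port, peer_group) for r in rules)

def can_connect(src, dst, protocol, port, default_allow=False):
    """A flow passes only if the sender's egress AND the receiver's ingress permit it."""
    return (src.permits("egress", protocol, port, dst.name, default_allow)
            and dst.permits("ingress", protocol, port, src.name, default_allow))

def demo():
    # Both VMs are members of the same (constructed) group "web".
    web = SecurityGroup("web")
    no_rules = can_connect(web, web, "tcp", 22, default_allow=True)
    web.egress.append(Rule("tcp", 22, 22, "web"))   # outbound SSH only
    egress_only = can_connect(web, web, "tcp", 22, default_allow=True)
    web.ingress.append(Rule("tcp", 22, 22, "web"))  # inbound SSH from the group itself
    both = can_connect(web, web, "tcp", 22, default_allow=True)
    other_port = can_connect(web, web, "tcp", 3306, default_allow=True)
    return no_rules, egress_only, both, other_port

if __name__ == "__main__":
    print(demo())
```

Shared membership alone never opens a port in this model: SSH between the two VMs passes only once the group carries an ingress rule that names the group itself as the source.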
  
 

