incubator-cloudstack-dev mailing list archives

From Clayton Weise <cwe...@iswest.net>
Subject RE: domr iptables rules
Date Thu, 10 May 2012 15:30:10 GMT
It's something I have been toying with.  Basically it's a standard app/db setup where the app
servers would reside in a dmz and the db servers would sit in a trusted network.  We need
to limit the traffic going between the app and the db servers in advanced networking.  So
currently the db and app servers have their own separate networks (vlans) and their own virtual
routers.  I was thinking of different ways to limit the traffic from app to db to be permitted
on specific ports.

-----Original Message-----
From: Anthony Xu [mailto:Xuefei.Xu@citrix.com] 
Sent: Wednesday, May 09, 2012 4:33 PM
To: cloudstack-dev@incubator.apache.org
Subject: RE: domr iptables rules

It is better to do it through the API. CloudStack already provides several APIs for customers to
add ACLs for a customer network. What kind of rules do you want to add? Can you do it through
the current API? Or what kind of API would you like to add?

Anthony

> -----Original Message-----
> From: Clayton Weise [mailto:cweise@iswest.net]
> Sent: Wednesday, May 09, 2012 4:26 PM
> To: 'cloudstack-dev@incubator.apache.org'
> Subject: RE: domr iptables rules
> 
> As a dirty hack would it be possible to create an init script which
> added these custom rules when the domr boots?
> 
> -----Original Message-----
> From: Anthony Xu [mailto:Xuefei.Xu@citrix.com]
> Sent: Wednesday, May 09, 2012 12:21 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: RE: domr iptables rules
> 
> Iptables rules are not persistent inside domr; CloudStack sends commands
> to domr to generate rules on demand.
> So if you reboot domr, some rules may not come back. But if you reboot
> domr through the CloudStack UI, all rules should come back; CloudStack will
> send commands to program the rules again.
> 
> 
> Anthony
> 
> 
> > -----Original Message-----
> > From: Clayton Weise [mailto:cweise@iswest.net]
> > Sent: Wednesday, May 09, 2012 10:09 AM
> > To: 'cloudstack-dev@incubator.apache.org'
> > Subject: domr iptables rules
> >
> > Where are these kept?  After rebooting a virtual router not all of the
> > firewall rules came back.  Also, I wanted to manually add a few things
> > and I was curious where I could do it and have those rules retained
> > when the domr reboots.
> >
> > Thanks
