
How to disable internet in a CentOS VM instance created using OpenStack?

In a CentOS virtual machine instance that is created using OpenStack, how can I disable the internet? I need only the internet to be disabled, but not the network, because this VM should be able to communicate with other VMs on the same network.

You can use a modified security group, which allows access only to the local network. By default, the security group allows all outgoing connections. These rules have to be replaced to limit them to the local network.

Example:

# create new security group
openstack security group create test-group
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field           | Value                                                                                                                                                 |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at      | 2020-06-24T20:20:38Z                                                                                                                                  |
| description     | test-group                                                                                                                                            |
| id              | a39ac981-6547-4ed3-a2da-7037e50ef00e                                                                                                                  |
| name            | test-group                                                                                                                                            |
| project_id      | b9105cd288f740fcaec03d42fd93607e                                                                                                                      |
| revision_number | 2                                                                                                                                                     |
| rules           | created_at='2020-06-24T20:20:38Z', direction='egress', ethertype='IPv6', id='5439255a-3a7d-4f54-967d-6393622f7777', updated_at='2020-06-24T20:20:38Z' |
|                 | created_at='2020-06-24T20:20:38Z', direction='egress', ethertype='IPv4', id='6fe86a1b-47e4-4927-9533-92b9b1b8c50b', updated_at='2020-06-24T20:20:38Z' |
| updated_at      | 2020-06-24T20:20:38Z                                                                                                                                  |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+

# list all rules. Only the two default egress rules are shown
openstack security group rule list test-group
+--------------------------------------+-------------+----------+------------+-----------------------+
| ID                                   | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+----------+------------+-----------------------+
| 5439255a-3a7d-4f54-967d-6393622f7777 | None        | None     |            | None                  |
| 6fe86a1b-47e4-4927-9533-92b9b1b8c50b | None        | None     |            | None                  |
+--------------------------------------+-------------+----------+------------+-----------------------+

# delete the two rules
openstack security group rule delete 5439255a-3a7d-4f54-967d-6393622f7777 6fe86a1b-47e4-4927-9533-92b9b1b8c50b

# set the new egress rule, which allows only communication within your local network
openstack security group rule create --egress --remote-ip 192.168.20.0/24 test-group

Of course, you have to replace the 192.168.20.0/24 in the example with the subnet range of your internal network, where your other VMs are connected too. Add ingress rules like ICMP, SSH etc., if necessary, and use this as the only security group for your virtual machine. With this, your VMs can only connect to other VMs in your local network, but not to the internet anymore.
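
To confirm that the group really is limited to the local subnet, the following check (an added example, not part of the original answer) flags every egress rule that still reaches beyond it, including a default IPv6 rule that was left in place. It assumes the rule list was exported with `openstack security group rule list --long -f json` and that the JSON keys match the CLI column headers; the rule IDs in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `openstack security group rule list --long -f json`
# output; the key names are assumed to match the CLI column headers.
SAMPLE_RULES = json.loads("""[
  {"ID": "rule-1", "Direction": "egress", "Ethertype": "IPv4",
   "IP Range": "192.168.20.0/24", "Remote Security Group": null},
  {"ID": "rule-2", "Direction": "egress", "Ethertype": "IPv6",
   "IP Range": null, "Remote Security Group": null},
  {"ID": "rule-3", "Direction": "ingress", "Ethertype": "IPv4",
   "IP Range": "0.0.0.0/0", "Remote Security Group": null},
  {"ID": "rule-4", "Direction": "egress", "Ethertype": "IPv4",
   "IP Range": "192.168.0.0/16", "Remote Security Group": null}
]""")

UNSET = (None, "", "None")  # the CLI prints None when a field is not set


def egress_leaks(rules, local_cidr):
    """Return (rule_id, reason) for each egress rule reaching beyond local_cidr."""
    local = ipaddress.ip_network(local_cidr)
    leaks = []
    for rule in rules:
        # Indexing (not .get) so output without a Direction column fails loudly.
        if rule["Direction"] != "egress":
            continue
        if rule.get("Remote Security Group") not in UNSET:
            continue  # destination is limited to members of that group
        ip_range = rule.get("IP Range")
        if ip_range in UNSET:
            leaks.append((rule["ID"], "no remote IP range: any destination"))
            continue
        net = ipaddress.ip_network(ip_range, strict=False)
        if net.version != local.version:
            leaks.append((rule["ID"], f"{net} is outside the IPv{local.version} subnet"))
        elif not net.subnet_of(local):
            leaks.append((rule["ID"], f"{net} is not contained in {local}"))
    return leaks


if __name__ == "__main__":
    for rule_id, reason in egress_leaks(SAMPLE_RULES, "192.168.20.0/24"):
        print(f"{rule_id}: {reason}")
```

An empty result means no egress rule in the group permits traffic outside the given subnet; ingress rules are ignored because they do not affect outbound access.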

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 