Networking: How to disable internet in a CentOS VM instance created with OpenStack?
Tags: networking, centos, virtual-machine, openstack

How do I disable internet in a CentOS VM instance created with OpenStack? I only need to disable internet, but not networking, because this VM should be able to communicate with other VMs on the same network.

You can use a modified security group that only allows access to the local network. By default, a security group allows all outgoing connections. These rules must be replaced to restrict them to the local network. For example:
# create new security group
openstack security group create test-group
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2020-06-24T20:20:38Z |
| description | test-group |
| id | a39ac981-6547-4ed3-a2da-7037e50ef00e |
| name | test-group |
| project_id | b9105cd288f740fcaec03d42fd93607e |
| revision_number | 2 |
| rules | created_at='2020-06-24T20:20:38Z', direction='egress', ethertype='IPv6', id='5439255a-3a7d-4f54-967d-6393622f7777', updated_at='2020-06-24T20:20:38Z' |
| | created_at='2020-06-24T20:20:38Z', direction='egress', ethertype='IPv4', id='6fe86a1b-47e4-4927-9533-92b9b1b8c50b', updated_at='2020-06-24T20:20:38Z' |
| updated_at | 2020-06-24T20:20:38Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
# list all rules. The only ones shown are the two default egress rules
openstack security group rule list test-group
+--------------------------------------+-------------+----------+------------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+----------+------------+-----------------------+
| 5439255a-3a7d-4f54-967d-6393622f7777 | None | None | | None |
| 6fe86a1b-47e4-4927-9533-92b9b1b8c50b | None | None | | None |
+--------------------------------------+-------------+----------+------------+-----------------------+
# delete the two rules
openstack security group rule delete 5439255a-3a7d-4f54-967d-6393622f7777 6fe86a1b-47e4-4927-9533-92b9b1b8c50b
# set the new egress-rule, which allows only communication within your local network
openstack security group rule create --egress --remote-ip 192.168.20.0/24 test-group
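Of course, you have to replace the 192.168.20.0/24 in the example with the subnet range of your internal network, in which your other VMs are also connected. If necessary, add ingress rules for ICMP, SSH, etc., and use it as the only security group for your VM. This way, your VM can connect only to other VMs in the local network and no longer to the internet.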
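To check that a group built as in the answer above really confines egress to the local subnet, the rule list can be audited offline. This is an added example, not part of the original answer: the function name `egress_leaks` is hypothetical, the sample rules are constructed, and the JSON keys are assumed to match the column headers of `openstack security group rule list --long -f json` (`Direction` and `Ethertype` do not appear in the table shown above).

```python
import ipaddress
import json

# Constructed sample in the assumed shape of
# `openstack security group rule list --long -f json`; IDs and values are made up.
SAMPLE_RULES = json.loads("""[
 {"ID": "rule-local", "IP Protocol": null, "Ethertype": "IPv4",
  "IP Range": "192.168.20.0/24", "Direction": "egress", "Remote Security Group": null},
 {"ID": "rule-default-v6", "IP Protocol": null, "Ethertype": "IPv6",
  "IP Range": null, "Direction": "egress", "Remote Security Group": null},
 {"ID": "rule-dns", "IP Protocol": "udp", "Ethertype": "IPv4",
  "IP Range": "8.8.8.8/32", "Direction": "egress", "Remote Security Group": null},
 {"ID": "rule-ssh-in", "IP Protocol": "tcp", "Ethertype": "IPv4",
  "IP Range": "0.0.0.0/0", "Direction": "ingress", "Remote Security Group": null}
]""")


def egress_leaks(rules, local_cidrs):
    """Return (rule ID, reason) for each egress rule reaching beyond local_cidrs."""
    local = [ipaddress.ip_network(c) for c in local_cidrs]
    leaks = []
    for rule in rules:
        if (rule.get("Direction") or "").lower() != "egress":
            continue  # ingress rules do not open outbound paths
        if rule.get("Remote Security Group") not in (None, "", "None"):
            continue  # destination is limited to ports in that group
        cidr = rule.get("IP Range")
        if cidr in (None, "", "None"):
            # No remote prefix means "any destination" for that ethertype,
            # which is what the two default egress rules look like.
            leaks.append((rule["ID"], "no remote range (%s)" % rule.get("Ethertype")))
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        # subnet_of() requires matching IP versions, so compare versions first.
        if not any(net.version == l.version and net.subnet_of(l) for l in local):
            leaks.append((rule["ID"], "%s is outside the local network" % net))
    return leaks


if __name__ == "__main__":
    for rule_id, reason in egress_leaks(SAMPLE_RULES, ["192.168.20.0/24"]):
        print(rule_id, "->", reason)
```

Security group rules are additive across all groups attached to a port, so run the check against every group on the VM, not only the restricted one.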