Removing outbound firewall rules

When restricting outbound traffic, it is recommended to replace the default outbound rules with rules that allow only specific IP addresses or subnets, according to your network infrastructure and security policies. Add the specific allow rules first and remove the default allow-all rule last, so that the services the cluster depends on (for example, name resolution, time synchronization, and update downloads) keep working while you tighten the policy.

To remove outbound firewall rules

Use the following command:

vinfra cluster network set --del-outbound-allow-list <rules> <network>
--del-outbound-allow-list <rules>

A comma-separated list of allow rules to remove, in the format <address>:<protocol>:<port>:<description>, where:

  • <address> is a single IP address (10.10.10.10), an address range (10.10.10.0-10.10.10.10), or a subnet in CIDR notation (10.10.10.0/24)
  • <protocol> can be udp, tcp, or any
  • <port> is an integer value (22) or a range (20-22)
  • <description> usually contains the name of the service that uses the specified port; quote the rule if the description contains spaces
<network>
Network ID or name

For example, to remove the rule 0.0.0.0:any:0:Allow all, which allows all outbound traffic, run:

# vinfra cluster network set Public --del-outbound-allow-list "0.0.0.0:any:0:Allow all"

After this, connections from the cluster to external endpoints are allowed only if they match one of the remaining outbound allow rules. If no other outbound rules exist on the network, all attempts to establish outbound connections will be blocked.
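The following shell script is an added example; it is not part of the vinfra documentation or of the product. It checks each rule against the <address>:<protocol>:<port>:<description> format described above before building the commands, and prints the commands in the order that avoids cutting the cluster off: specific allow rules first, removal of the allow-all rule last. The network name Public, the endpoint addresses, and the service names are illustrative assumptions; the validator mirrors the documented rule format, not vinfra's own parser.

```shell
#!/bin/sh
# Added example, not vinfra code: validate outbound allow rules against the
# documented <address>:<protocol>:<port>:<description> grammar and print the
# vinfra commands in a safe order (add specific rules, then delete allow-all).
# The network name "Public" and all endpoint addresses below are assumptions.

# is_int VALUE: non-negative decimal integer.
is_int() { printf '%s' "$1" | grep -Eq '^[0-9]+$'; }

# valid_ipv4 ADDR: four dotted decimal octets, each in 0-255.
valid_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# valid_address ADDR: single IP, range "first-last", or CIDR "addr/prefix" (0-32).
valid_address() {
  case $1 in
    *-*) valid_ipv4 "${1%-*}" && valid_ipv4 "${1#*-}" ;;
    */*) valid_ipv4 "${1%/*}" && is_int "${1#*/}" && [ "${1#*/}" -le 32 ] ;;
    *)   valid_ipv4 "$1" ;;
  esac
}

# valid_port PORT: 0-65535 or "low-high" with low <= high (the allow-all rule uses 0).
valid_port() {
  case $1 in
    *-*) low=${1%-*}; high=${1#*-}
         is_int "$low" && is_int "$high" && [ "$low" -le "$high" ] && [ "$high" -le 65535 ] ;;
    *)   is_int "$1" && [ "$1" -le 65535 ] ;;
  esac
}

# validate_rule RULE: returns 0 for a well-formed rule, 1 otherwise.
# The description is everything after the third colon, so it may contain spaces.
validate_rule() {
  rule=$1
  address=${rule%%:*};  rest=${rule#*:}
  protocol=${rest%%:*}; rest=${rest#*:}
  port=${rest%%:*};     description=${rest#*:}
  [ "$rest" != "$port" ] || return 1          # fewer than four colon-separated fields
  [ -n "$description" ] || return 1
  valid_address "$address" || return 1
  case $protocol in udp|tcp|any) ;; *) return 1 ;; esac
  valid_port "$port"
}

# build_cmd NETWORK OPTION RULE...: validate every rule, then print one vinfra
# command carrying them as a comma-separated, quoted list. OPTION is either
# --add-outbound-allow-list or --del-outbound-allow-list.
build_cmd() {
  network=$1; option=$2; shift 2
  list=
  for rule in "$@"; do
    validate_rule "$rule" || { printf 'rejecting malformed rule: %s\n' "$rule" >&2; return 1; }
    list=${list:+$list,}$rule
  done
  printf 'vinfra cluster network set %s %s "%s"\n' "$network" "$option" "$list"
}

# Constructed allow list (assumed endpoints): DNS, NTP and an HTTPS update mirror.
NETWORK=Public
build_cmd "$NETWORK" --add-outbound-allow-list \
  "10.10.1.53:udp:53:DNS" \
  "10.10.1.123:udp:123:NTP" \
  "10.10.2.0/24:tcp:443:HTTPS update mirror"
# Only once the specific rules are in place, remove the default allow-all rule.
build_cmd "$NETWORK" --del-outbound-allow-list "0.0.0.0:any:0:Allow all"
```

The script only prints the commands; review them and run them on a cluster node (for example by piping the output to sh) once the addresses match your environment. A rule that fails validation aborts the whole command rather than producing a partially correct list.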