Deny by default security policy #34

Closed
jstoja opened this issue Aug 1, 2018 · 2 comments

jstoja commented Aug 1, 2018

Hello guys,

Thanks for the amazing work.
I'm wondering how you're handling the case of deny by default and then adding security policies to allow traffic between groups.
Right now, I only manage to do this by creating a security policy by hand that would deny "any to any" between groups.

It seems that it's not doable because of the format of the nsx_security_policy_rule that requires a serviceids that doesn't handle the "any" value.

Do you have an idea of how to handle this? How do you handle this case @sky-uk ?

Cheers!

jstoja commented Aug 1, 2018

My bad. It seems that the serviceids does match the "any" if it's the first element of the array (https://github.com/sky-uk/gonsx/blob/master/api/securitypolicy/securitypolicy_types_functions.go#L159).

jstoja commented Aug 1, 2018

This could probably be added in the wiki here: https://github.com/sky-uk/terraform-provider-nsx/wiki/NSX-Security-Policy-Resource#nsx_security_policy_rule-resource cc @craig-duffin

jstoja closed this as completed Aug 1, 2018