From b1fa2669ce2ad85281b513e41ddd9e79d218feb6 Mon Sep 17 00:00:00 2001 From: Jessica Tomechak Date: Thu, 21 Mar 2013 20:43:10 -0700 Subject: [PATCH] CLOUDSTACK-1028. Doc. Re-add section Firewall Rules: this section is about ingress rules. Fix intro sentence to agree with new Egress Rules section. Egress traffic is now blocked by default. --- docs/en-US/ip-forwarding-firewalling.xml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/en-US/ip-forwarding-firewalling.xml b/docs/en-US/ip-forwarding-firewalling.xml index 54e18b7cfbc..4705dbdad3b 100644 --- a/docs/en-US/ip-forwarding-firewalling.xml +++ b/docs/en-US/ip-forwarding-firewalling.xml @@ -20,13 +20,16 @@ -->
IP Forwarding and Firewalling - By default, all incoming traffic to the public IP address is rejected. All outgoing traffic - from the guests is translated via NAT to the public IP address and is allowed. + By default, all incoming traffic to the public IP address is rejected. + All outgoing traffic from the guests is also blocked by default. + To allow outgoing traffic, follow the procedure in . To allow incoming traffic, users may set up firewall rules and/or port forwarding rules. For example, you can use a firewall rule to open a range of ports on the public IP address, such as 33 through 44. Then use port forwarding rules to direct traffic from individual ports within that range to specific ports on user VMs. For example, one port forwarding rule could route - incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP. - + incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP. + For more information, see and . + +