This message was deleted.
# neuvector-securitya
adamant-kite-43734
06/27/2023, 6:44 PMThis message was deleted.
q
quaint-candle-18606
06/27/2023, 8:19 PMYes. Create a group that defines it, then add a network rule to the top that allows
p
polite-piano-74233
06/27/2023, 8:25 PMso would the group be something like network=0.0.0.0/0? i cant tell if that would include container to container traffic as well or only external/node
q
quaint-candle-18606
06/27/2023, 8:31 PMthe group would be that netblock, like…
quaint-candle-18606
06/27/2023, 8:32 PMthen I’m pretty sure you’d want a rule for both directions
quaint-candle-18606
06/27/2023, 8:33 PMbut, obviously, test it. 🙂
p
polite-piano-74233
06/27/2023, 8:35 PMso what if we wanted a pod to be able to connect to -any- internal or external traffic though, would i need two rules outbound, one for the 'containers' group and one for the 'external' group? something similar to a cisco firewalls 'permit 10.1.1.1 any any'
q
quaint-candle-18606
06/27/2023, 8:43 PM‘external’ is a group that generally represents anything outside the cluster
quaint-candle-18606
06/27/2023, 8:45 PMso, from
containersallow groupquaint-candle-18606
06/27/2023, 8:45 PMyou might need to dupe for nodes, as well 🤔
p
polite-piano-74233
06/27/2023, 8:50 PMgotcha, so one for each of the primary groups that were generated, there isnt a way to make a group of groups i suppose 😅
q
quaint-candle-18606
06/27/2023, 9:20 PMi wish
quaint-candle-18606
06/27/2023, 9:20 PM😄