How to disable internet in a centos VM instance created using openstack?

asked 2020-06-24

kotianrakeshs

In a centos Virtual machine instance that is created using openstack, how can i disable the internet? I need only internet to be disabled but not the network. Because this VM should be able to communicate to other VM's of the same network.

What do you mean by "disabling internet"? By default, an instance is not reachable FROM the internet, but it can reach the internet thanks to SNAT configured in the external router. SNAT can only be disabled in the router, not for a single instance, as far as I know.

Bernd Bausch ( 2020-06-24 09:26:15 -0500 )

Here disabling internet of a instance means things like it should not be able to download any packages from internet etc. Thanks for sharing info regarding SNAT. Is it possible to disable internet of a instance using openstack dashboard or in command line of ssh session to instance?

kotianrakeshs ( 2020-06-24 09:39:18 -0500 )

Ignore my answer. eblock has a few very good suggestions, especially security groups.

Bernd Bausch ( 2020-06-25 01:22:32 -0500 )

answered 2020-06-24

eblock

Depending on the exact requirements it could be enough to edit the security group and block outgoing traffic (80, 443)? Or configure the instance's firewall, or detach the floating ip (unless it's required to reach the other instances). Several ways are possible.

