cloudfoundry/garden

deny_networks on NetOut

Closed this issue · 3 comments

Hi all,

https://github.com/cloudfoundry-incubator/garden/blob/771dc9b6304276a0a3efd2f1e60a7c7d0cd27b4c/container.go#L91-L92 mentions a deny_networks "configuration directive" but I can't find any other reference to it. Is this a real thing? We are looking to implement this API for garden-windows and want to make sure we understand it.

Best,
Ben

We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/93652546.

julz commented

It's a flag accepted by garden-linux which sets the networks which are denied by default (before NetOut rules add whitelist exceptions). Other backends would be expected to have a similar way to configure the base set of denied-by-default networks or to deny everything (or to allow everything by default but then NetOut is a no-op).

Great, thank you!
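The evaluation order julz describes (a base set of denied-by-default networks, with NetOut rules adding whitelist exceptions) can be modeled as follows. This is an added example, not code from garden or garden-linux: the `Policy` type, its fields and `Permits` are hypothetical names, the addresses are constructed samples, and only destination networks are modeled.

```go
package main

import (
	"fmt"
	"net"
)

// Policy is a hypothetical model of the behaviour described above; it is not garden's API.
type Policy struct {
	Denied  []*net.IPNet // base set denied by default (the deny_networks role)
	Allowed []*net.IPNet // whitelist exceptions added by NetOut calls
}

// mustCIDRs parses CIDR strings and panics on a malformed one.
func mustCIDRs(cidrs ...string) []*net.IPNet {
	var out []*net.IPNet
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

// contains reports whether ip falls inside any of the given networks.
func contains(nets []*net.IPNet, ip net.IP) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Permits reports whether outbound traffic to dst is allowed: a NetOut
// exception wins over the base deny set, and a destination in neither set
// is allowed. An unparseable destination fails closed.
func (p Policy) Permits(dst string) bool {
	ip := net.ParseIP(dst)
	if ip == nil {
		return false
	}
	if contains(p.Allowed, ip) {
		return true
	}
	return !contains(p.Denied, ip)
}

func main() {
	p := Policy{Denied: mustCIDRs("10.0.0.0/8"), Allowed: mustCIDRs("10.0.5.0/24")}
	for _, dst := range []string{"10.1.2.3", "10.0.5.7", "8.8.8.8"} { // constructed samples
		fmt.Println(dst, p.Permits(dst))
	}
}
```

A backend that denies everything corresponds to `Denied` holding `0.0.0.0/0`, and one that allows everything corresponds to an empty `Denied`, in which case the `Allowed` entries change nothing.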