Solved

Security Policy for cvm (iptables,acl,ipfilter,tcp wrapper) please ㅠㅠ

  • 21 September 2022
  • 7 replies
  • 580 views

Badge +2

Please save me
The Great Experts of Nutanix

I'm doing a server security check with a client

I can't find some of my questions in portal or kb documents, so I'm writing here,


so I'd appreciate it if you could answer them


I don't care if there's a clue. Please answer me


If there's a document, just give me a link

====================================================================

Nutanix's cvm is based on Linux, right?

1. Can I set the limit of ip address and port for a specific host in Nutanix cvm?
For example, allow access only to cvm or ip of a particular console and block the remaining ip

 

2. I can't set iptables, ipfilter, or tcp wrapper in cvm, right?

 

3. In cvm, acl (Access Control List) cannot change the setting value, right?
 If I can't change it, is there a reason? 

 

 


Best answer by JeroenTielen 3 October 2022, 11:05


7 replies

Userlevel 2
Badge +2

hi junsu

 

you can look here : in the Security Guide.

https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v5_20:sec-controller-virtual-machine-t.html

 

There is a possibility for hardening CVM access.

Nutanix has been designed to be exposed, whenever it is set up on prem or on the Internet, so there is no such thing as limiting IPs that can connect to cvm. However, there is a way to restrict such IPs at the AHV host level or at cvm level; be careful not to just cut yourself off from your distant access.

edit : updated the URL to the most recent version

Badge +2

Thank you for your good advice👍🏻👍🏻👍🏻

Badge +2

You can't get more answers about it?😭

Userlevel 6
Badge +8

1. Can I set the limit of ip address and port for a specific host in Nutanix cvm?
For example, allow access only to cvm or ip of a particular console and block the remaining ip

  • No, but you can create a separate network, with dedicated interfaces, for AHV and CVM traffic. Of course, with a firewall to allow Prism/management tasks.

2. I can't set iptables, ipfilter, or tcp wrapper in cvm, right?

  • Correct, you can't.

3. In cvm, acl (Access Control List) cannot change the setting value, right?
 If I can't change it, is there a reason? 

  • Correct, you can't.

Badge +2

Thank you very much for your reply

Can I know the relevant kb or document when I open the case?

Userlevel 4
Badge +7

Thank you very much for your reply

Can I know the relevant kb or document when I open the case?

 

Are you asking how to open a case?

 

Or are you asking which KB/document to refer to for hardening?

Badge +2

I know how to open the case

I want KB/document to refer to for hardening 
If there is a related document, but I am satisfied with the above answers.

Thank you so much for your interest ★
