hi junsu

you can look here : in the Security Guide.

https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v5_20:sec-controller-virtual-machine-t.html

there is possibility for hardening CVM access.

Nutanix has been designed to be exposed, whenever is is set up on prem or on the Internet so there is not such a thing as limiting ip that can connect to cvm. However there is way to restrict such IP at the AHV host level or at cvm level, be carefull to not just cut yourself from your distant access.

edit : updated the URL to the most recent version

Thank you for your good advice

You can't get more answers about it?

1. Can I set the limit of ip address and port for a specific host in Nutanix cvm?
For example, allow access only to cvm or ip of a particular console and block the remaining ip

• No, but you can create a separate network, with dedicated interfaces, for ahv and cvm traffic. Offcourse with firewall to allow prism/management tasks. 

2. I can't set iptables, ipfilter, or tcp wrapper in cvm, right?

• Correct, you cant. 

3. In cvm, acl (Access Control List) cannot change the setting value, right?
 If I can't change it, is there a reason? 

• Correct, you cant. 

Thank you very much for your reply

Can I know the relevant kb or document when I open the case?

Are you asking how to open a case ?

Or are you asking which KB/document to refer to for hardening?

I know how to open the case

I want KB/document to refer to for hardening 
If there is a related document, but I am satisfied with the above answers.

Thank you so much for your interest ★