We have installed istio demo profile
Tring to block traffic namespace level to external service and allow only port 5672 and 1433.
Created entrypoint virtual service and Destination rule for for external traffic. But still I am able to reach google.com and other services. We want to allow only 172.18.1.15 internal communication and blost rest of the communication.
I am not sure what I am missing. We want to achieve this setup with outboundTrafficPolicy mode: ALLOW_ANY
Please let me know if any other details required.