Tring to block traffic namespace level to external service and allow only port 5672 and 1433

pgokul555 · October 4, 2023, 5:36am

We have installed istio demo profile

Tring to block traffic namespace level to external service and allow only port 5672 and 1433.
Created entrypoint virtual service and Destination rule for for external traffic. But still I am able to reach google.com and other services. We want to allow only 172.18.1.15 internal communication and blost rest of the communication.

I am not sure what I am missing. We want to achieve this setup with outboundTrafficPolicy mode: ALLOW_ANY

Isto Setup:
outboundTrafficPolicy:
mode: ALLOW_ANY
rootNamespace: istio-system
trustDomain: cluster.local

Please let me know if any other details required.

Thanks
Gokul

Topic		Replies	Views
Deny "Accessing External Services" for dedicated namespace Networking	2	561	June 23, 2020
AuthorizationPolicy whitelist IPs and internal traffic Security	1	506	August 8, 2023
Istio Sidecar crd outboundTrafficPolicy set to REGISTRY_ONLY. ServiceEntry not honored Networking	0	557	April 23, 2022
Outbound traffic to exernal service (SOLVED) Networking	11	2462	April 19, 2019
ISTIO 1.6 traffic redirection Networking	1	612	August 7, 2020

Tring to block traffic namespace level to external service and allow only port 5672 and 1433

Related topics