If a CVM being assigned a Public Internet IP address, it will bypass the Cloud Firewall to access Internet directly. There are several method to control:
- Disable Tencent user account able to assign public IP addresses to CVM by using Tencent account's Cloud Access Management - Polices. Create a policy on CVM to deny "AdjustPublicAddress", "AllocateAddresses" and "AssociateAddress"
- Use "security group" on each CVM to block external connection on port level
No comments:
Post a Comment