Re: CloudFoundry PCI-DSS compliance issue?

Daniel Jones


iptables is used when Container Networking is *not* available. If you're
using Container Networking, you might want to ask the folks that are
writing it in the #container-networking channel.

Daniel Jones - CTO
+44 (0)79 8000 9153
@DanielJonesEB
*EngineerBetter* Ltd - UK Cloud Foundry

On 4 April 2017 at 09:07, Sze Siong Teo <szesiong(a)> wrote:

Hi Daniel,

Application Security Groups are implemented via iptables on the host Cell
VMs, and not in the containers.

How does the scenario I've mentioned for AppA and AppB work, even if I
enable AppA and AppB to communicate via
devguide/deploy-apps/cf-networking.html? If iptables is used, I suppose the
filtering is between the VM's NIC and the VLAN NIC created by CF inside the VM?

Because if iptables rules are applied at the VM level's intranet IP, then the
filtering rules would have affected other apps on the same VM? Or does it work
in some other way?
