Limit access to the load balancer

You can limit access to the load balancer by specifying allowed IP addresses from which the load balancer will accept traffic.

Allowed IP addresses are specified in the load balancer rule and apply only to the port and traffic type specified in the rule. You can specify allowed addresses when creating a rule or in an existing rule.

For allowed addresses to work, traffic filtering (port security) must be enabled in the load balancer network.

Specify allowed IP addresses in an existing rule

Control panel

1. In the Control panel, on the top menu, click Products and select Cloud Servers.

2. Go to the Load balancers section → Load balancers tab.

3. Open the load balancer page.

4. Open the rule card.

5. If the card contains the Allowed CIDR field, in this field:

   5.1. Click .

   5.2. Enter the allowed IP addresses or subnets separated by commas.

   5.3. Click .

6. If the Allowed CIDR field is not displayed, traffic filtering (port security) is disabled in the network. Create a new private network or public subnet and create a load balancer in it again.

OpenStack CLI

1. Open OpenStack CLI.

2. Ensure that traffic filtering is enabled in the load balancer network — the port_security_enabled field should be set to true:

   openstack network show <network>

   If the field value is false, create a new private network or public subnet and create a load balancer in it again.

3. Specify allowed IP addresses in the load balancer rule:

   openstack loadbalancer listener set \
   --allowed-cidr <allowed_cidr>
   <listener>

   Specify:

   • <allowed_cidr> — an IP address or subnet in CIDR format. If you need to specify multiple addresses, provide each in a separate --allowed-cidr parameter;
   • <listener> — the rule ID or name. You can view the list using the openstack loadbalancer listener list command.