firewall source tag does not see new droplets?

February 15, 2018
Firewall Ubuntu 16.04

For example:

If I have droplets B1, B2 and B3, all tagged "B", and a droplet A1 with the firewall rule "allow HTTP from tag:B", A1 receives HTTP traffic from B1, B2 and B3. All OK so far.

But if I then create B4, tagged "B", A1 does not accept traffic from it, unless I remove "B" from the firewall rule and re-add it.

This would seem to be problematic when adding new droplets that need to consume a secured internal service.

Is this expected behaviour? I can use the API to add a rule for each new droplet, but that seems like a pity.


