Verify the micro-segmentation

After completing the micro-segmentation setup, the connection is successfully established, and the Ping application (ping_app.py) retrieves sample data from the database. This output can be viewed in the my-app-xxxx log file through the OCP Web interface.
Connection was successful.

Optional: Revoke access to the database port (25010) for the compute node IP from the IBM CIC VM. You then observe a connection failure, which confirms that only a pod running on an authorized compute node can access the database, even when valid login credentials are provided.


Connection failure

Command to remove the rich rule for the compute node:

firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address=<Compute Node IP> port protocol="tcp" port=<DB2 port> accept'
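
With `--permanent`, `firewall-cmd` changes only the stored configuration; the running firewall keeps the rule until `firewall-cmd --reload`. The following added example (not part of the original procedure) lists sources that are still accepted at runtime on the database port after removal from the permanent configuration. The function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sources still accepted at runtime after a
# --permanent rule removal. Names and sample addresses are constructed.

# sources_for_port PORT: reads rich rules on stdin (one per line, as printed
# by `firewall-cmd --list-rich-rules`) and prints each source address that
# has an accept rule for tcp/PORT.
sources_for_port() {
    awk -v want="port=\"$1\"" '
        / accept( |$)/ && /protocol="tcp"/ {
            src = ""; hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == want) hit = 1
                if ($i ~ /^address=/) { src = $i; gsub(/^address=|"/, "", src) }
            }
            if (hit && src != "") print src
        }' | sort -u
}

# stale_runtime_sources PORT RUNTIME_RULES PERMANENT_RULES: prints sources
# accepted at runtime that are no longer in the permanent configuration.
stale_runtime_sources() {
    perm=$(printf '%s\n' "$3" | sources_for_port "$1")
    printf '%s\n' "$2" | sources_for_port "$1" | while read -r ip; do
        printf '%s\n' "$perm" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed sample: the rule for 192.0.2.10 was removed with --permanent,
# but the firewall has not been reloaded yet.
RUNTIME='rule family="ipv4" source address="192.0.2.10" port port="25010" protocol="tcp" accept
rule family="ipv4" source address="192.0.2.20" port port="25010" protocol="tcp" accept'
PERMANENT='rule family="ipv4" source address="192.0.2.20" port port="25010" protocol="tcp" accept'
# On the firewall host, capture the real rule sets instead:
#   RUNTIME=$(firewall-cmd --zone=public --list-rich-rules)
#   PERMANENT=$(firewall-cmd --permanent --zone=public --list-rich-rules)

stale=$(stale_runtime_sources 25010 "$RUNTIME" "$PERMANENT")
if [ -n "$stale" ]; then
    echo "Still accepted at runtime on tcp/25010 (reload pending): $stale"
fi
```

An empty result means the runtime and permanent rule sets agree for that port, so a connection failure from the revoked node is the expected outcome.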