cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From radh...@apache.org
Subject git commit: updated refs/heads/4.2 to add0251
Date Wed, 07 Aug 2013 08:46:09 GMT
Updated Branches:
  refs/heads/4.2 30e12c289 -> add0251cf


CLOUDSTACK-2685


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/add0251c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/add0251c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/add0251c

Branch: refs/heads/4.2
Commit: add0251cf03d4d1ac1428045a73bec3b5bca10c8
Parents: 30e12c2
Author: Radhika PC <radhika.puthiyetath@citrix.com>
Authored: Wed Aug 7 14:15:29 2013 +0530
Committer: Radhika PC <radhika.puthiyetath@citrix.com>
Committed: Wed Aug 7 14:15:29 2013 +0530

----------------------------------------------------------------------
 docs/en-US/egress-firewall-rule.xml | 60 ++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/add0251c/docs/en-US/egress-firewall-rule.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/egress-firewall-rule.xml b/docs/en-US/egress-firewall-rule.xml
index 68d9898..17bf15e 100644
--- a/docs/en-US/egress-firewall-rule.xml
+++ b/docs/en-US/egress-firewall-rule.xml
@@ -19,31 +19,41 @@
   under the License.
 -->
 <section id="egress-firewall-rule">
-  <title>Egress Firewall Rules in Advanced Zone</title>
+  <title>Egress Firewall Rules in an Advanced Zone</title>
   <para>The egress traffic originates from a private network to a public network, such
as the
-    Internet. By default, the egress traffic is blocked, so no outgoing traffic is allowed
from a
-    guest network to the Internet. However, you can control the egress traffic in an Advanced
zone
-    by creating egress firewall rules. When an egress firewall rule is applied, the traffic
specific
-    to the rule is allowed and the remaining traffic is blocked. When all the firewall rules
are
-    removed the default policy, Block, is applied.</para>
-  <para>Egress firewall rules are supported on Juniper SRX and virtual router.</para>
-  <note>
-    <para>The egress firewall rules are not supported on shared networks.</para>
-  </note>
-  <para>Consider the following scenarios to apply egress firewall rules:</para>
-  <itemizedlist>
-    <listitem>
-      <para>Allow the egress traffic from specified source CIDR. The Source CIDR is
part of guest
-        network CIDR.</para>
-    </listitem>
-    <listitem>
-      <para>Allow the egress traffic with destination protocol TCP,UDP,ICMP, or ALL.</para>
-    </listitem>
-    <listitem>
-      <para>Allow the egress traffic with destination protocol and port range. The
port range is
-        specified for TCP, UDP or for ICMP type and code.</para>
-    </listitem>
-  </itemizedlist>
+    Internet. By default, the egress traffic is blocked in default network offerings, so
no outgoing
+    traffic is allowed from a guest network to the Internet. However, you can control the
egress
+    traffic in an Advanced zone by creating egress firewall rules. When an egress firewall
rule is
+    applied, the traffic specific to the rule is allowed and the remaining traffic is blocked.
When
+    all the firewall rules are removed the default policy, Block, is applied.</para>
+  <section id="prereq-egress">
+    <title>Prerequisites and Guidelines</title>
+    <para>Consider the following scenarios to apply egress firewall rules:</para>
+    <itemizedlist>
+      <listitem>
+        <para>Egress firewall rules are supported on Juniper SRX and virtual router.</para>
+      </listitem>
+      <listitem>
+        <para>The egress firewall rules are not supported on shared networks.</para>
+      </listitem>
+      <listitem>
+        <para>Allow the egress traffic from specified source CIDR. The Source CIDR
is part of guest
+          network CIDR.</para>
+      </listitem>
+      <listitem>
+        <para>Allow the egress traffic with protocol TCP,UDP,ICMP, or ALL.</para>
+      </listitem>
+      <listitem>
+        <para>Allow the egress traffic with protocol and destination port range. The
port range is
+          specified for TCP, UDP or for ICMP type and code.</para>
+      </listitem>
+      <listitem>
+        <para>The default policy is Allow for the new network offerings, whereas on
upgrade existing
+          network offerings with firewall service providers will have the default egress
policy
+          Deny.</para>
+      </listitem>
+    </itemizedlist>
+  </section>
   <section>
     <title>Configuring an Egress Firewall Rule</title>
     <orderedlist>
@@ -154,7 +164,5 @@
           allowed.</para>
       </listitem>
     </orderedlist>
-    <para>On upgrade existing network offerings with firewall service providers will
have the
-      default egress policy DENY.</para>
   </section>
 </section>


Mime
View raw message