cloudstack-dev mailing list archives

From Wido den Hollander <w...@widodh.nl>
Subject Re: Egress firewall rules for guest network.
Date Tue, 09 Oct 2012 13:54:47 GMT
On 10/09/2012 11:14 AM, Jayapal Reddy Uradi wrote:
> The egress firewall rules feature will configure the egress rules for guest network on VR/External firewall to ALLOW specified traffic to outside and BLOCK the remaining traffic.
>
>
>
> By default all the traffic is ALLOWED to public network. When you specify an egress rule only that rule specific traffic is allowed.
>
>
>
> I have created a functional spec here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network
>
>
>
> Please review and provide your comments.
>

Seems great! But why assume that we will block everything when one 
rule is set?

What if somebody wants to block specific traffic and allow the rest? 
Let's say you don't want to allow IRC traffic, but do allow everything else?

Should there be a policy setting: ALLOW/DENY?

Wido

> Thanks,
> Jayapal
>
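
A small model of the two behaviours discussed in this message, as an added example that is not part of the original email or of CloudStack's code. The rule fields, `egress_allowed` and its `rule_action` parameter are hypothetical, and the sample rules and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class EgressRule:
    # Hypothetical rule shape; the functional spec defines the real fields.
    protocol: str                 # "tcp", "udp", "icmp" or "all"
    dest_cidr: str = "0.0.0.0/0"
    port_start: int = 0
    port_end: int = 65535

    def matches(self, protocol, dest_ip, port):
        if self.protocol not in ("all", protocol):
            return False
        if ipaddress.ip_address(dest_ip) not in ipaddress.ip_network(self.dest_cidr):
            return False
        return self.port_start <= port <= self.port_end


def egress_allowed(rules, protocol, dest_ip, port, rule_action=None):
    """Return True if the packet may leave the guest network.

    rule_action=None    : behaviour quoted from the proposal. No rules means
                          allow all; once any rule exists, only matches pass.
    rule_action="ALLOW" : rules allow, everything else is dropped.
    rule_action="DENY"  : rules drop, everything else passes (the policy
                          setting asked about in the reply).
    """
    if rule_action not in (None, "ALLOW", "DENY"):
        raise ValueError("rule_action must be None, 'ALLOW' or 'DENY'")
    matched = any(r.matches(protocol, dest_ip, port) for r in rules)
    if rule_action is None:
        return True if not rules else matched
    return matched if rule_action == "ALLOW" else not matched


# Constructed sample rules: IRC on its conventional port tcp/6667, and HTTPS.
IRC = EgressRule("tcp", port_start=6667, port_end=6667)
HTTPS = EgressRule("tcp", port_start=443, port_end=443)
DEST = "198.51.100.7"  # documentation-range address, constructed

if __name__ == "__main__":
    # Adding a single rule silently turns default-allow into default-deny.
    print(egress_allowed([], "udp", DEST, 53))              # no rules yet
    print(egress_allowed([HTTPS], "udp", DEST, 53))         # DNS now dropped
    print(egress_allowed([IRC], "tcp", DEST, 443, "DENY"))  # block IRC only
```

With the quoted semantics, creating the first rule also cuts off traffic such as DNS that nobody wrote a rule about, which is the side effect an explicit policy setting makes visible.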

