cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jayapal Reddy Uradi <>
Subject RE: Egress firewall rules for guest network.
Date Wed, 10 Oct 2012 03:07:30 GMT
Hi David,

The traffic type is optional and default to  ingress. For egress it is required to pass with
the 'egress'.


-----Original Message-----
From: David Nalley [] 
Sent: Tuesday, October 09, 2012 8:41 PM
Subject: Re: Egress firewall rules for guest network.

On Tue, Oct 9, 2012 at 5:14 AM, Jayapal Reddy Uradi <>
> The egress firewall rules feature  will configure the egress rules for 
> guest network on VR/External firewall to ALLOW
> specified traffic to outside and BLOCK the remaining traffic.
> By default  all the traffic is ALLOWED to public network. When you specify a egress rule
only that rule specific traffic is allowed.
> I have created a functional spec here: 
> +rules+for+guest+network
> Please review and provide your comments.
> Thanks,
> Jayapal

So I noticed you are modifying createFirewallRule in a way which would break backwards compatibility,
or at least make it more difficult.

I'd suggest that trafficType be optional and default to to ingress - which means existing
calls being issued today should continue to work as they do now, and folks wishing to take
advantage of egress filtering can pass trafficType=egress for any calls. Is there any downside
to doing it that way that I am missing?


View raw message