Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 18AEAEEDD for ; Wed, 16 Jan 2013 17:08:16 +0000 (UTC) Received: (qmail 2573 invoked by uid 500); 16 Jan 2013 17:08:15 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 2531 invoked by uid 500); 16 Jan 2013 17:08:15 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 2521 invoked by uid 99); 16 Jan 2013 17:08:15 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2013 17:08:15 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of animesh.chaturvedi@citrix.com designates 66.165.176.89 as permitted sender) Received: from [66.165.176.89] (HELO SMTP.CITRIX.COM) (66.165.176.89) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Jan 2013 17:08:07 +0000 X-IronPort-AV: E=Sophos;i="4.84,480,1355097600"; d="scan'208";a="3961864" Received: from sjcpmailmx02.citrite.net ([10.216.14.75]) by FTLPIPO01.CITRIX.COM with ESMTP/TLS/RC4-MD5; 16 Jan 2013 17:07:46 +0000 Received: from SJCPMAILBOX01.citrite.net ([10.216.4.72]) by SJCPMAILMX02.citrite.net ([10.216.14.75]) with mapi; Wed, 16 Jan 2013 09:07:45 -0800 From: Animesh Chaturvedi To: "cloudstack-dev@incubator.apache.org" Date: Wed, 16 Jan 2013 09:07:42 -0800 Subject: RE: [IP Clearance: CLOUDSTACK-299] Egress firewall rules for guest network Thread-Topic: [IP Clearance: CLOUDSTACK-299] Egress firewall rules for guest network Thread-Index: Ac3zrbTH++RnGveIS8eEh8utpNy50gAXizBw Message-ID: <7A92FF96DF135843B4B608FB576BFC3E012DA320C625@SJCPMAILBOX01.citrite.net> References: <67EF18FDCA335F489B366120481AB6C5F6B4030E77@BANPMAILBOX01.citrite.net> In-Reply-To: <67EF18FDCA335F489B366120481AB6C5F6B4030E77@BANPMAILBOX01.citrite.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org Jayapal You need to post the markmail discussion link as well as link to code for r= eview. Please post them ASAP > -----Original Message----- > From: Jayapal Reddy Uradi [mailto:jayapalreddy.uradi@citrix.com] > Sent: Tuesday, January 15, 2013 9:55 PM > To: cloudstack-dev@incubator.apache.org > Subject: [IP Clearance: CLOUDSTACK-299] Egress firewall rules for guest > network >=20 > Hi, >=20 > I am starting the IP clearance process for the Citrix Egress firewall rul= es > feature. > https://issues.apache.org/jira/browse/CLOUDSTACK-299 >=20 > Citrix would like to donate the egress firewall rules feature to Apache > cloudstack. >=20 > About this feature, Currently all the guest network traffic in the isolat= ed > networks is allowed to public network. This feature is about controlling = the > guest network traffic to public network. Using this feature user can conf= igure > egress firewall rules on the guest network to allow specific traffic. >=20 > Citrix egress firewall rules implementation by default all the guest traf= fic will > be blocked by default and configure the egress firewall rule to allow spe= cific > traffic to > public network. Please go through the below FS for more information on= API > and default policy. >=20 > Here is the FS: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+ru= l > es+for+guest+network >=20 >=20 > Thanks, > Jayapal