cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jayapal Reddy" <jayapalreddy.ur...@citrix.com>
Subject Review Request: Egress firewall rules default policy configuration using network offering
Date Thu, 20 Jun 2013 05:05:31 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11988/
-----------------------------------------------------------

Review request for cloudstack, Anthony Urso, Abhinandan Prateek, Murali Reddy, and Alena Prokharchyk.


Description
-------

Egress rules default policy configuration using the network offering.
This patch is for xenserver with VR as firewall provider.

Here is the FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+-+Ability+to+change+the+default

The work flow:
1. For default network offerings the egress default policy is block
2. While creating network offering, by default egress default policy is allow and it can be
configured to deny.
3. When egress default policy is allow, rules are added to block the traffic and if default
policy is deny rules added to allow the traffic


This addresses bug CLOUDSTACK-1578.


Diffs
-----

  api/src/com/cloud/agent/api/to/FirewallRuleTO.java f296aa4 
  api/src/com/cloud/offering/NetworkOffering.java 72e2a2b 
  api/src/org/apache/cloudstack/api/ApiConstants.java ab1402c 
  api/src/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java 6410715

  api/src/org/apache/cloudstack/api/response/NetworkOfferingResponse.java 7a7e371 
  core/src/com/cloud/agent/api/routing/NetworkElementCommand.java ddb7ac8 
  engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java 9f73029 
  engine/schema/src/com/cloud/offerings/NetworkOfferingVO.java 3ae0bf3 
  patches/systemvm/debian/config/root/firewallRule_egress.sh 0da7718 
  plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java 5e8283a

  server/src/com/cloud/api/ApiResponseHelper.java 94c5d6c 
  server/src/com/cloud/configuration/ConfigurationManager.java 8db037b 
  server/src/com/cloud/configuration/ConfigurationManagerImpl.java 131d340 
  server/src/com/cloud/network/NetworkManagerImpl.java d6a6450 
  server/src/com/cloud/network/firewall/FirewallManagerImpl.java f7275b0 
  server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 8da5176 
  server/src/com/cloud/network/rules/FirewallManager.java 2bce8fe 
  server/src/com/cloud/server/ConfigurationServerImpl.java d334d7e 
  server/test/com/cloud/network/MockFirewallManagerImpl.java 95bb1d1 
  server/test/com/cloud/vpc/MockConfigurationManagerImpl.java 21b3590 
  server/test/org/apache/cloudstack/networkoffering/CreateNetworkOfferingTest.java 4a2c867

  setup/db/db/schema-410to420.sql bcfbcc9 

Diff: https://reviews.apache.org/r/11988/diff/


Testing
-------

1. Tested on xenserver with VR as firewall


Thanks,

Jayapal Reddy


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message