Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cloudstack.apache.org
Content-Type: multipart/alternative;
 boundary="===============2982866315412305378=="
MIME-Version: 1.0
Subject: Review Request: Egress firewall rules default policy configuration
 using
 network offering
From: "Jayapal Reddy" <jayapalreddy.uradi@citrix.com>
To: "Anthony Urso" <anthonyu@cs.ucla.edu>,
 "Abhinandan Prateek" <aprateek@apache.org>,
 "Alena Prokharchyk" <alena.prokharchyk@citrix.com>,
 "Murali Reddy" <muralimmreddy@gmail.com>
Cc: "Jayapal Reddy" <jayapalreddy.uradi@citrix.com>,
 "cloudstack" <cloudstack-dev@incubator.apache.org>
Date: Thu, 20 Jun 2013 05:05:31 -0000
Message-ID: <20130620050531.32008.16246@reviews.apache.org>
Auto-Submitted: auto-generated
Sender: "Jayapal Reddy" <noreply@reviews.apache.org>
Reply-To: "Jayapal Reddy" <jayapalreddy.uradi@citrix.com>

--===============2982866315412305378==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11988/
-----------------------------------------------------------

Review request for cloudstack, Anthony Urso, Abhinandan Prateek, Murali Red=
dy, and Alena Prokharchyk.


Description
-------

Egress rules default policy configuration using the network offering.
This patch is for xenserver with VR as firewall provider.

Here is the FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rule=
s+-+Ability+to+change+the+default

The work flow:
1. For default network offerings the egress default policy is block
2. While creating network offering, by default egress default policy is all=
ow and it can be configured to deny.
3. When egress default policy is allow, rules are added to block the traffi=
c and if default policy is deny rules added to allow the traffic


This addresses bug CLOUDSTACK-1578.


Diffs
-----

  api/src/com/cloud/agent/api/to/FirewallRuleTO.java f296aa4 =

  api/src/com/cloud/offering/NetworkOffering.java 72e2a2b =

  api/src/org/apache/cloudstack/api/ApiConstants.java ab1402c =

  api/src/org/apache/cloudstack/api/command/admin/network/CreateNetworkOffe=
ringCmd.java 6410715 =

  api/src/org/apache/cloudstack/api/response/NetworkOfferingResponse.java 7=
a7e371 =

  core/src/com/cloud/agent/api/routing/NetworkElementCommand.java ddb7ac8 =

  engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java 9f73029 =

  engine/schema/src/com/cloud/offerings/NetworkOfferingVO.java 3ae0bf3 =

  patches/systemvm/debian/config/root/firewallRule_egress.sh 0da7718 =

  plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResou=
rceBase.java 5e8283a =

  server/src/com/cloud/api/ApiResponseHelper.java 94c5d6c =

  server/src/com/cloud/configuration/ConfigurationManager.java 8db037b =

  server/src/com/cloud/configuration/ConfigurationManagerImpl.java 131d340 =

  server/src/com/cloud/network/NetworkManagerImpl.java d6a6450 =

  server/src/com/cloud/network/firewall/FirewallManagerImpl.java f7275b0 =

  server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.ja=
va 8da5176 =

  server/src/com/cloud/network/rules/FirewallManager.java 2bce8fe =

  server/src/com/cloud/server/ConfigurationServerImpl.java d334d7e =

  server/test/com/cloud/network/MockFirewallManagerImpl.java 95bb1d1 =

  server/test/com/cloud/vpc/MockConfigurationManagerImpl.java 21b3590 =

  server/test/org/apache/cloudstack/networkoffering/CreateNetworkOfferingTe=
st.java 4a2c867 =

  setup/db/db/schema-410to420.sql bcfbcc9 =


Diff: https://reviews.apache.org/r/11988/diff/


Testing
-------

1. Tested on xenserver with VR as firewall


Thanks,

Jayapal Reddy


--===============2982866315412305378==--