cloudstack-dev mailing list archives

From Sanjeev Neelarapu <sanjeev.neelar...@citrix.com>
Subject RE: Potential feature: Firewall comments
Date Thu, 08 Jan 2015 08:58:42 GMT
+1 for adding description and "Deny" option to the firewall API

-----Original Message-----
From: Logan Barfield [mailto:lbarfield@tqhosting.com] 
Sent: Friday, December 19, 2014 10:00 PM
To: dev@cloudstack.apache.org
Subject: Re: Potential feature: Firewall comments

On this same note:  Is there currently a way to add DROP rules to the VR firewall?  I know
you can add a default allow egress policy and block specific things, but that doesn't help
for incoming threats.

For instance, if you want to allow public access to a web server (port 80), but want to block
a particular attacker's IP or subnet.  Right now you have to set up a second level firewall
on the VM itself for this.

Would it be feasible to add a "Deny" option to the firewall API?


Thank You,

Logan Barfield
Tranquil Hosting

On Mon, Dec 15, 2014 at 11:49 PM, Jayapal Reddy Uradi < jayapalreddy.uradi@citrix.com>
wrote:
>
> +1
>
> When there is a large set of rules, it will be useful.
>
> Thanks,
> Jayapal
> On 16-Dec-2014, at 4:17 AM, Logan Barfield <lbarfield@tqhosting.com>
> wrote:
>
> > Currently in the UI and API it can be difficult to tell what exactly
> > a particular firewall rule is being used for.  I know that it is
> > currently possible to add "tags" to firewall rules, but that seems
> > suboptimal from an ease-of-use standpoint.
> >
> > Would it be feasible to add a "comment" or "description" field for
> > firewall rules in advanced zones?  It could be added as an extra DB column,
> > and appear in the UI and listFirewallRules API call (unless it's left blank).
> > In theory the description/comment could also be added to the
> > IPtables rule on the VR.
> >
> > This could probably also be applied to security groups.
> >
> >
> > Thoughts, comments?
>
>