cloudstack-users mailing list archives

From Will Chan <will.c...@citrix.com>
Subject RE: Anyway to disable the firewall functionality provided by the virtual router in 3.0.x?
Date Thu, 24 May 2012 21:32:19 GMT
Ok, glad you clarified it for me.  In 2.2.11+, all XXXPortForwardingRule and XXXLoadBalancer
API calls automatically called the XXXFirewallRule API.  You could always turn that off by
passing openfirewall=false in the create commands.  Subsequently, the UI had supported both
ways of doing this as you know already by using the firewall.rule.ui setting so people did
not have to deal with this split.  In 3.0.x, the API remains unchanged, but the UI no longer
supports this and the 3.0.x UI always makes calls with openfirewall=false.

To achieve what you want, you would need to tweak the UI to make API calls with openfirewall=true
(or remove it since the default is true) and change the UI to no longer show the firewall
portion.  Changing the network offering turns off and on the service and if you disable the
firewall from the network offering, you will end up disabling the port forwarding feature
I believe.

The other option is to re-introduce this back into the CloudStack.

-----Original Message-----
From: Jason Davis [mailto:scr512@gmail.com] 
Sent: Thursday, May 24, 2012 1:49 PM
To: cloudstack-users@incubator.apache.org
Subject: Re: Anyway to disable the firewall functionality provided by the virtual router in
3.0.x?

Well, I want it to behave as it did in 2.2.14-3.0.0.

ie: I can provide isolation through portforwarding ranges and have the firewall disabled.
My concern is that when I upgrade to 3.0.2 that I'll have to essentially re-teach my end users
how to gain remote access to their VM instances.

In the documentation and in previous builds, you could turn the firewall off entirely via
a global setting. This is the functionality I am wishing to accomplish.

No firewall, just services like portforwarding, dhcp, dns, loadbalancing, source nat, static
nat in my network offering.

On Thu, May 24, 2012 at 3:45 PM, Will Chan <will.chan@citrix.com> wrote:

> Can you describe what you would like to do?  I thought for a moment 
> you simply wanted the UI to act in the same way as in 2.2.x.  However, 
> from your response, it looks like you want to remove the firewall 
> feature from the virtual router altogether, including all the port forwarding feature?
>
> Will
>
> -----Original Message-----
> From: Jason Davis [mailto:scr512@gmail.com]
> Sent: Thursday, May 24, 2012 1:32 PM
> To: cloudstack-users@incubator.apache.org
> Subject: Re: Anyway to disable the firewall functionality provided by 
> the virtual router in 3.0.x?
>
> Ah so if I create my network offering via the API then I can achieve 
> what I want?
>
> If that's so, good enough :) I am more than happy to do API calls.
>
> /me goes to RTFM
>
> On Thu, May 24, 2012 at 3:30 PM, Will Chan <will.chan@citrix.com> wrote:
>
> > Since 3.0.x, that feature was turned off from the default UI and 
> > expect everyone to use the firewall feature.  The API still honors 
> > the old functionality so you can always custom change the UI to 
> > reflect the same behavior in 2.2.x.
> >
> > Will
> >
> > -----Original Message-----
> > From: Jason Davis [mailto:scr512@gmail.com]
> > Sent: Thursday, May 24, 2012 12:28 PM
> > To: cloudstack-users@incubator.apache.org
> > Subject: Anyway to disable the firewall functionality provided by 
> > the virtual router in 3.0.x?
> >
> > So, in 2.2.x with advanced networking you could disable the firewall 
> > by setting the global setting firewall.rule.ui.enabled to false. I 
> > am trying to replicate this functionality in my upgraded development 
> > instance
> > (2.2.14->3.0.2) but this global setting no longer exists in the UI.
> >
> > I've also tried to create a new isolated networking offering with 
> > the firewall functionality disabled. However, anytime I try this the 
> > firewall setting ends up being enabled anyway.
> >
> > Thanks!
> > Jason
> >
>
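
Added example, not part of the original thread and not CloudStack's own code: the thread turns on whether a create call carries openfirewall, so this sketch builds a signed createPortForwardingRule request with the flag stated explicitly and checks whether a given request URL will also open the firewall (true or absent, since the default is true). The endpoint, keys and IDs are constructed placeholders, and the signing steps follow CloudStack's documented HMAC-SHA1 request signing.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

# Constructed placeholders, not values from the thread.
ENDPOINT = "http://cloudstack.example:8080/client/api"
API_KEY, SECRET_KEY = "EXAMPLE-API-KEY", "EXAMPLE-SECRET-KEY"

# Create commands of the port-forwarding and load-balancer families that accept openfirewall.
OPENFIREWALL_COMMANDS = {"createPortForwardingRule", "createLoadBalancerRule"}

def sign(params, secret_key):
    """Sort by field name, URL-encode values, lowercase, HMAC-SHA1, base64."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    query = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in pairs)
    mac = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def build_request(command, open_firewall, **args):
    """Build a signed URL; the caller must choose openfirewall explicitly."""
    if command not in OPENFIREWALL_COMMANDS:
        raise ValueError(f"{command} is not handled by this example")
    if not isinstance(open_firewall, bool):
        raise TypeError("pass open_firewall as True or False, do not rely on the default")
    params = dict(args, command=command, apikey=API_KEY, response="json",
                  openfirewall=str(open_firewall).lower())
    params["signature"] = sign(params, SECRET_KEY)
    return ENDPOINT + "?" + urlencode(params, quote_via=quote)

def opens_firewall(url):
    """True if the call also creates a firewall rule: openfirewall=true or absent."""
    query = dict(parse_qsl(urlsplit(url).query))
    if query.get("command") not in OPENFIREWALL_COMMANDS:
        return False
    # An omitted flag counts as true, the default stated in the thread.
    return query.get("openfirewall", "true").lower() == "true"

if __name__ == "__main__":
    url = build_request("createPortForwardingRule", False,
                        ipaddressid="IP-UUID-PLACEHOLDER",
                        virtualmachineid="VM-UUID-PLACEHOLDER",
                        protocol="TCP", publicport=2222, privateport=22)
    print(url)
    print("opens firewall:", opens_firewall(url))
```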
