cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Davis <scr...@gmail.com>
Subject Re: Anyway to disable the firewall functionality provided by the virtual router in 3.0.x?
Date Fri, 25 May 2012 18:43:52 GMT
Thanks! I'll give that a go.


On Fri, May 25, 2012 at 1:39 PM, Brian Federle <Brian.Federle@citrix.com>wrote:

> One idea might be to modify the createURL function, which every server
> call uses to generate a URL for the API call. openfirewall=false could be
> passed there and will apply to all actions in the UI.
>
>
>
> createURL is in /ui/scripts/sharedFunctions.js; modify urlString to add
> additional params:
>
>
>
> //API calls
>
> function createURL(apiName, options) {
>
>  if (!options) options = {};
>
> var urlString = clientApiUrl + "?" + "command=" + apiName
> +"&response=json&sessionkey=" + g_sessionKey;
>
>
>
> urlString = urlString + '&openfirewall=false';
>
> ...
>
> }
>
>
>
> Hope that helps!
>
> ________________________________________
>
> From: Jason Davis [scr512@gmail.com]
>
> Sent: Thursday, May 24, 2012 3:01 PM
>
> To: cloudstack-users@incubator.apache.org<mailto:
> cloudstack-users@incubator.apache.org>
>
> Subject: Re: Anyway to disable the firewall functionality provided by the
> virtual router in 3.0.x?
>
>
>
> Any hints to where this configuration would be done :)
>
>
>
> Sent from my iPhone
>
>
>
> On May 24, 2012, at 4:32 PM, Will Chan <will.chan@citrix.com<mailto:
> will.chan@citrix.com>> wrote:
>
>
>
> > Ok, glad you clarified it for me.  In 2.2.11+, all XXXPortForwardingRule
> and XXXLoadBalancer API calls automatically called the XXXFirewallRule API.
>  You could always turn that off by passing openfirewall=false in the create
> commands.  Subsequently, the UI had supported both ways of doing this as
> you know already by using the firewall.rule.ui setting so people did not
> have to deal with this split.  In 3.0.x, the API remains unchanged, but the
> UI no longer supports this and the 3.0.x UI always makes calls with
> openfirewall=false.
>
> >
>
> > To achieve what you want, you  would need to tweak the UI to make API
> calls with openfirewall=true (or remove it since the default is true) and
> change the UI to no longer show the firewall portion.  Changing the network
> offering turns off and on the service and if you disable the firewall from
> the network offering, you will end up disabling the port forwarding feature
> I believe.
>
> >
>
> > The other option is to re-introduce this back into the CloudStack.
>
> >
>
> > -----Original Message-----
>
> > From: Jason Davis [mailto:scr512@gmail.com]<mailto:[mailto:
> scr512@gmail.com]>
>
> > Sent: Thursday, May 24, 2012 1:49 PM
>
> > To: cloudstack-users@incubator.apache.org<mailto:
> cloudstack-users@incubator.apache.org>
>
> > Subject: Re: Anyway to disable the firewall functionality provided by
> the virtual router in 3.0.x?
>
> >
>
> > Well, I want it to behave as it did in 2.2.14-3.0.0.
>
> >
>
> > ie: I can provide isolation through portforwarding ranges and have the
> firewall disabled. My concern is that when I upgrade to 3.0.2 that I'll
> have to essentially re-teach my end users how to gain remote access to
> their VM instances.
>
> >
>
> > In the documentation and in previous builds, you could turn the firewall
> off entirely via a global setting. This is the functionality I am wishing
> to accomplish.
>
> >
>
> > No firewall, just services like portforwarding, dhcp, dns,
> loadbalancing, source nat, static nat in my network offering.
>
> >
>
> > On Thu, May 24, 2012 at 3:45 PM, Will Chan <will.chan@citrix.com<mailto:
> will.chan@citrix.com>> wrote:
>
> >
>
> >> Can you describe what you would like to do?  I thought for a moment
>
> >> you simply wanted the UI to act in the same way as in 2.2.x.
>
> >> However, from your response, it looks like you want to remove the
>
> >> firewall feature from the virtual router altogether, including all the
> port forwarding feature?
>
> >>
>
> >> Will
>
> >>
>
> >> -----Original Message-----
>
> >> From: Jason Davis [mailto:scr512@gmail.com]<mailto:[mailto:
> scr512@gmail.com]>
>
> >> Sent: Thursday, May 24, 2012 1:32 PM
>
> >> To: cloudstack-users@incubator.apache.org<mailto:
> cloudstack-users@incubator.apache.org>
>
> >> Subject: Re: Anyway to disable the firewall functionality provided by
>
> >> the virtual router in 3.0.x?
>
> >>
>
> >> Ah so if I create my network offering via the API then I can achieve
>
> >> what I want?
>
> >>
>
> >> If that's so, good enough :) I am more than happy to do API calls.
>
> >>
>
> >> /me goes to RTFM
>
> >>
>
> >> On Thu, May 24, 2012 at 3:30 PM, Will Chan <will.chan@citrix.com
> <mailto:will.chan@citrix.com>> wrote:
>
> >>
>
> >>> Since 3.0.x, that feature was turned off from the default UI and
>
> >>> expect everyone to use the firewall feature.  The API still honors
>
> >>> the old functionality so you can always custom change the UI to
>
> >>> reflect the same behavior in 2.2.x.
>
> >>>
>
> >>> Will
>
> >>>
>
> >>> -----Original Message-----
>
> >>> From: Jason Davis [mailto:scr512@gmail.com]<mailto:[mailto:
> scr512@gmail.com]>
>
> >>> Sent: Thursday, May 24, 2012 12:28 PM
>
> >>> To: cloudstack-users@incubator.apache.org<mailto:
> cloudstack-users@incubator.apache.org>
>
> >>> Subject: Anyway to disable the firewall functionality provided by
>
> >>> the virtual router in 3.0.x?
>
> >>>
>
> >>> So, in 2.2.x with advanced networking you could disable the firewall
>
> >>> by setting the global setting  firewall.rule.ui.enabled to false. I
>
> >>> am trying to replicate this functionality in my upgraded development
>
> >>> instance
>
> >>> (2.2.14->3.0.2) but this global setting no longer exists in the UI.
>
> >>>
>
> >>> I've also tried to create a new isolated networking offering with
>
> >>> the firewall functionality disabled. However, anytime I try this the
>
> >>> firewall setting ends up being enabled anyway.
>
> >>>
>
> >>> Thanks!
>
> >>> Jason
>
> >>>
>
> >>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message