Return-Path: X-Original-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 01754C768 for ; Thu, 24 May 2012 20:49:43 +0000 (UTC) Received: (qmail 49719 invoked by uid 500); 24 May 2012 20:49:42 -0000 Delivered-To: apmail-incubator-cloudstack-users-archive@incubator.apache.org Received: (qmail 49698 invoked by uid 500); 24 May 2012 20:49:42 -0000 Mailing-List: contact cloudstack-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-users@incubator.apache.org Delivered-To: mailing list cloudstack-users@incubator.apache.org Received: (qmail 49690 invoked by uid 99); 24 May 2012 20:49:42 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 May 2012 20:49:42 +0000 X-ASF-Spam-Status: No, hits=1.7 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of scr512@gmail.com designates 209.85.217.175 as permitted sender) Received: from [209.85.217.175] (HELO mail-lb0-f175.google.com) (209.85.217.175) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 May 2012 20:49:37 +0000 Received: by lbol5 with SMTP id l5so181504lbo.6 for ; Thu, 24 May 2012 13:49:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=1lELIYgh0zOcbYZBqdFQnOMtIFT2UjRjZ/x4YrmwYPM=; b=oy/yAIaA98UQMjN/D1z9qoqHOBUytNmKq//4O4aYmNAybN5dSW5ldrNPI9H9R8RQpC 4wRXT+pw4h2+Omv4WIvbhLTccP13+VPkF4VLNVOB+j50VmMw+3Co5Hs3+cuVFQTdSNQH 9PbOhODZVVOC1wh88l8BHm9APXN2mCjwSD9iKgmoO0FOmuBlBLW+cKsPEghgr3Jk/bfA TdtyWLxmsZjwKkk2Ufsoo7J/iUQeWdEmYITx0orR91trGcX+363wUR1AF/pmeXViDUl8 6f+mFh53nCnFF6NkabWyIM37J7/bGIahPLe4XkkqiLgaBxLKAxVm8m/NAB1oqb8cGdNZ soqQ== MIME-Version: 1.0 Received: by 10.112.17.227 with SMTP id r3mr383398lbd.41.1337892556281; Thu, 24 May 2012 13:49:16 -0700 (PDT) Received: by 10.112.46.197 with HTTP; Thu, 24 May 2012 13:49:16 -0700 (PDT) In-Reply-To: <61AE1E2837A06D4A8E98B796183842D40116B90AED4F@SJCPMAILBOX01.citrite.net> References: <61AE1E2837A06D4A8E98B796183842D40116B90AED46@SJCPMAILBOX01.citrite.net> <61AE1E2837A06D4A8E98B796183842D40116B90AED4F@SJCPMAILBOX01.citrite.net> Date: Thu, 24 May 2012 15:49:16 -0500 Message-ID: Subject: Re: Anyway to disable the firewall functionality provided by the virtual router in 3.0.x? From: Jason Davis To: cloudstack-users@incubator.apache.org Content-Type: multipart/alternative; boundary=bcaec554d84290962b04c0ce6238 X-Virus-Checked: Checked by ClamAV on apache.org --bcaec554d84290962b04c0ce6238 Content-Type: text/plain; charset=ISO-8859-1 Well, I want it to behave as it did in 2.2.14-3.0.0. ie: I can provide isolation through portforwarding ranges and have the firewall disabled. My concern is that when I upgrade to 3.0.2 that I'll have to essentially re-teach my end users how to gain remote access to their VM instances. In the documentation and in previous builds, you could turn the firewall off entirely via a global setting. This is the functionality I am wishing to accomplish. No firewall, just services like portforwarding, dhcp, dns, loadbalancing, source nat, static nat in my network offering. On Thu, May 24, 2012 at 3:45 PM, Will Chan wrote: > Can you describe what you would like to do? I thought for a moment you > simply wanted the UI to act in the same way as in 2.2.x. However, from > your response, it looks like you want to remove the firewall feature from > the virtual router altogether, including all the port forwarding feature? > > Will > > -----Original Message----- > From: Jason Davis [mailto:scr512@gmail.com] > Sent: Thursday, May 24, 2012 1:32 PM > To: cloudstack-users@incubator.apache.org > Subject: Re: Anyway to disable the firewall functionality provided by the > virtual router in 3.0.x? > > Ah so if I create my network offering via the API then I can achieve what > I want? > > If that's so, good enough :) I am more than happy to do API calls. > > /me goes to RTFM > > On Thu, May 24, 2012 at 3:30 PM, Will Chan wrote: > > > Since 3.0.x, that feature was turned off from the default UI and > > expect everyone to use the firewall feature. The API still honors the > > old functionality so you can always custom change the UI to reflect > > the same behavior in 2.2.x. > > > > Will > > > > -----Original Message----- > > From: Jason Davis [mailto:scr512@gmail.com] > > Sent: Thursday, May 24, 2012 12:28 PM > > To: cloudstack-users@incubator.apache.org > > Subject: Anyway to disable the firewall functionality provided by the > > virtual router in 3.0.x? > > > > So, in 2.2.x with advanced networking you could disable the firewall > > by setting the global setting firewall.rule.ui.enabled to false. I am > > trying to replicate this functionality in my upgraded development > > instance > > (2.2.14->3.0.2) but this global setting no longer exists in the UI. > > > > I've also tried to create a new isolated networking offering with the > > firewall functionality disabled. However, anytime I try this the > > firewall setting ends up being enabled anyway. > > > > Thanks! > > Jason > > > --bcaec554d84290962b04c0ce6238--