deltacloud-dev mailing list archives

From: David Lutterkort <lut...@redhat.com>
Subject: Re: firewall rules with FGCP
Date: Thu, 16 Aug 2012 03:16:25 GMT

Hi Dies,

On Wed, 2012-08-15 at 17:04 +1000, Koper, Dies wrote:
> I'd like to take another stab at firewall support for FGCP with DC.
> 
> Currently, FW creation, start/stop are covered but FW rules are not
> mapped well.
> The biggest issue is that the DC API assumes all rules are 'accept'
> rules while the FGCP includes both 'accept' and 'deny' rules.
> 
> In the FGCP API, rules have an 'action' field indicating how a triggered
> rule should be actioned on.
> Its possible values are 'Accept' and 'Deny'.
> 
> Can we extend the Rule object with an additional field for this?
> I assume with its default value being the status quo for EC2 and GoGrid
> (and I suppose in this case it can be omitted entirely in an XML
> response) and currently only the FGCP setting it for 'Deny' rules, we
> maintain full backwards compatibility.
> 
> One other field that FGCP has and the DC API does not have, but is not
> critical, is a 'log' field indicating whether it should be logged when
> this rule is triggered. I thought I'd mention it anyway in case any of
> the other providers support such a field and you were considering to
> support it.

Yes, I think these are sensible suggestions; we'll also need to
advertise in the API somewhere (as a feature?) whether you can only
create accept rules or whether you can create accept/deny rules.

As for logging, I'd be fine with making that another feature for
firewalls.

David
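
The compatibility idea discussed in this thread (an optional 'action' field that is omitted for accept rules), sketched as an added example that is not from the thread or from Deltacloud's code. The XML element names, the sample response and the function names are hypothetical; rejecting unrecognized action values is an assumption of this sketch. The second parser shows what a client written before the field existed would see, which is the case a capability advertisement addresses.

```python
import xml.etree.ElementTree as ET

# Constructed sample response. Element names are hypothetical and are
# not taken from the Deltacloud schema.
SAMPLE = """<firewall id="fw-1">
  <rules>
    <rule id="r1"><protocol>tcp</protocol><port>22</port></rule>
    <rule id="r2"><protocol>tcp</protocol><port>23</port><action>Deny</action></rule>
    <rule id="r3"><protocol>tcp</protocol><port>443</port><action>Accept</action></rule>
  </rules>
</firewall>"""

VALID_ACTIONS = {"accept", "deny"}


def rule_action(rule):
    """Return 'accept' or 'deny' for one <rule> element."""
    node = rule.find("action")
    if node is None:
        # Field omitted: the status quo for providers with accept-only rules.
        return "accept"
    value = (node.text or "").strip().lower()
    if value not in VALID_ACTIONS:
        # Assumption of this sketch: fail closed instead of guessing.
        raise ValueError("unrecognized rule action: %r" % node.text)
    return value


def parse_rules(xml_text):
    """Action-aware client: list of (rule id, action)."""
    root = ET.fromstring(xml_text)
    return [(r.get("id"), rule_action(r)) for r in root.iter("rule")]


def legacy_parse(xml_text):
    """Client that predates the field: it reads only the elements it knows,
    so every rule looks like an accept rule, including r2."""
    root = ET.fromstring(xml_text)
    return [(r.get("id"), r.findtext("protocol"), r.findtext("port"))
            for r in root.iter("rule")]


if __name__ == "__main__":
    print(parse_rules(SAMPLE))
    print(legacy_parse(SAMPLE))
```

The omitted field keeps old responses parseable, but an old client still reads the deny rule `r2` as "tcp/23 is open", so syntactic compatibility alone does not preserve the meaning of the rule set.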


