deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Koper, Dies" <>
Subject firewall rules with FGCP
Date Wed, 15 Aug 2012 07:04:42 GMT
I'd like to take another stab at firewall support for FGCP with DC.

Currently, FW creation, start/stop are covered but FW rules are not
mapped well.
The biggest issue is that the DC API assumes all rules are 'accept'
rules while the FGCP includes both 'accept' and 'deny' rules.

In the FGCP API, rules have an 'action' field indicating how a triggered
rule should be actioned on.
Its possible values are 'Accept' and 'Deny'.

Can we extend the Rule object with an additional field for this?
I assume with its default value being the status quo for EC2 and GoGrid
(and I suppose in this case it can be omitted entirely in an XML
response) and currently only the FGCP setting it for 'Deny' rules, we
maintain full backwards compatibility.

One other field that FGCP has and the DC API does not have, but is not
critical, is a 'log' field indicating whether it should be logged when
this rule is triggered. I thought I'd mention it anyway in case any of
the other providers support such a field and you were considering to
support it.

Dies Koper

View raw message