incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com>
Subject RE: "Egress Firewall Rules" feature FS
Date Mon, 15 Oct 2012 08:50:27 GMT
Hi Nilesh,

Please fine my inline comments.

Thanks,
Jayapal

From: Nilesh Vishwakarma 
Sent: Thursday, October 11, 2012 6:37 PM
To: Jayapal Reddy Uradi
Cc: cloudstack-dev@incubator.apache.org
Subject: "Egress Firewall Rules" feature FS

Hey,

My review comments on "Egress Firewall Rules" feature FS:

1. Let me know whether we are using CreateFirewall API or NetworkACL to implement firewall
rule
-   There is a discussion in community about which  API to use. I will update the spec once
the discussion is closed.
2. How can I block the communication with particular subnet? As in if I want to block communication
ONLY with some IP range and allow the rest of the communication, would it be possible? 
-It is not possible. There are only rules to ALLOW.
3. Can we have BLOCK rule which can block communication with specified IP range?
-We can have only ALLOW rules. The egress rules only allowed and remaining traffic is blocked.

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network

-Thanks,
Nilesh

Mime
View raw message