incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Nalley <>
Subject Re: Egress firewall rules for guest network.
Date Tue, 09 Oct 2012 15:10:57 GMT
On Tue, Oct 9, 2012 at 5:14 AM, Jayapal Reddy Uradi
<> wrote:
> The egress firewall rules feature  will configure the egress rules for guest network
on VR/External firewall to ALLOW
> specified traffic to outside and BLOCK the remaining traffic.
> By default  all the traffic is ALLOWED to public network. When you specify a egress rule
only that rule specific traffic is allowed.
> I have created a functional spec here:
> Please review and provide your comments.
> Thanks,
> Jayapal

So I noticed you are modifying createFirewallRule in a way which would
break backwards compatibility, or at least make it more difficult.

I'd suggest that trafficType be optional and default to to ingress -
which means existing calls being issued today should continue to work
as they do now, and folks wishing to take advantage of egress
filtering can pass trafficType=egress for any calls. Is there any
downside to doing it that way that I am missing?


View raw message