incubator-cloudstack-dev mailing list archives

From David Nalley <da...@gnsa.us>
Subject Re: Egress firewall rules for guest network.
Date Tue, 09 Oct 2012 15:10:57 GMT
On Tue, Oct 9, 2012 at 5:14 AM, Jayapal Reddy Uradi
<jayapalreddy.uradi@citrix.com> wrote:
> The egress firewall rules feature will configure the egress rules for guest network on VR/External firewall to ALLOW specified traffic to outside and BLOCK the remaining traffic.
>
> By default all the traffic is ALLOWED to public network. When you specify an egress rule only that rule specific traffic is allowed.
>
>
>
> I have created a functional spec here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network
>
>
>
> Please review and provide your comments.
>
> Thanks,
> Jayapal


So I noticed you are modifying createFirewallRule in a way which would
break backwards compatibility, or at least make it more difficult.

I'd suggest that trafficType be optional and default to ingress -
which means existing calls being issued today should continue to work
as they do now, and folks wishing to take advantage of egress
filtering can pass trafficType=egress for any calls. Is there any
downside to doing it that way that I am missing?

--David
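
The behaviour discussed in this thread, modelled as an added example that is not part of the original messages or CloudStack's code: an optional `trafficType` that defaults to ingress, and the quoted egress semantics, where outbound traffic is allowed until the first egress rule exists and restricted to matching rules afterwards. The handler, the evaluator and the rule fields are hypothetical; matching is simplified to protocol and port range.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FirewallRule:
    protocol: str
    start_port: int
    end_port: int
    traffic_type: str  # "ingress" or "egress"

def create_firewall_rule(params: dict) -> FirewallRule:
    """Hypothetical handler: trafficType is optional and defaults to ingress,
    so callers that predate egress support keep their current behaviour."""
    traffic_type = params.get("trafficType", "ingress").lower()
    if traffic_type not in ("ingress", "egress"):
        raise ValueError(f"invalid trafficType: {traffic_type!r}")
    return FirewallRule(
        protocol=params["protocol"].lower(),
        start_port=int(params["startport"]),
        end_port=int(params["endport"]),
        traffic_type=traffic_type,
    )

def egress_allowed(rules, protocol: str, dst_port: int) -> bool:
    """Egress semantics from the quoted proposal (simplified model)."""
    egress = [r for r in rules if r.traffic_type == "egress"]
    if not egress:
        # No egress rule configured: all outbound traffic is allowed.
        return True
    # At least one egress rule: only traffic matching a rule is allowed.
    return any(
        r.protocol == protocol.lower() and r.start_port <= dst_port <= r.end_port
        for r in egress
    )

# Constructed sample calls. The first omits trafficType, like an existing client.
legacy_rule = create_firewall_rule(
    {"protocol": "tcp", "startport": "22", "endport": "22"})
https_out = create_firewall_rule(
    {"protocol": "tcp", "startport": "443", "endport": "443",
     "trafficType": "egress"})
```

The model makes one operational consequence visible: creating the first egress rule on a network also blocks every outbound flow that the rule does not match.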
