incubator-cloudstack-dev mailing list archives

From Chiradeep Vittal <>
Subject Re: "Egress Firewall Rules" feature FS
Date Sun, 21 Oct 2012 04:57:43 GMT
Jayapal, Nilesh, these are useful comments.
BLOCK rules can be useful, in which case you would need ordering between
BLOCK and ALLOW rules.
If I were a network engineer used to using Cisco or other firewalls, what
would I expect to see in this regard?

On 10/15/12 1:50 AM, "Jayapal Reddy Uradi" <>

>Hi Nilesh,
>Please find my inline comments.
>From: Nilesh Vishwakarma
>Sent: Thursday, October 11, 2012 6:37 PM
>To: Jayapal Reddy Uradi
>Subject: "Egress Firewall Rules" feature FS
>My review comments on "Egress Firewall Rules" feature FS:
>1. Let me know whether we are using CreateFirewall API or NetworkACL to
>implement firewall rule
>- There is a discussion in the community about which API to use. I will
>update the spec once the discussion is closed.
>2. How can I block the communication with a particular subnet? As in if I
>want to block communication ONLY with some IP range and allow the rest of
>the communication, would it be possible?
>- It is not possible. There are only rules to ALLOW.
>3. Can we have BLOCK rule which can block communication with specified IP
>- We can have only ALLOW rules. Only the egress rules are allowed and the
>remaining traffic is blocked.
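
The ordering question raised in this thread, as an added example that is not part of the original messages or of CloudStack's code: a first-match evaluator showing that mixed BLOCK/ALLOW rules give different results depending on order, while an ALLOW-only set with default deny is order-independent but needs many rules to express "block one subnet, allow the rest". The rule format, function names and addresses are assumptions constructed for illustration.

```python
import ipaddress

def evaluate(rules, dest, default="BLOCK"):
    """First-match evaluation: the first rule whose CIDR contains dest decides.

    rules is a list of (action, cidr) tuples (hypothetical format).
    default is applied when nothing matches (default deny for egress).
    """
    addr = ipaddress.ip_address(dest)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action
    return default

def allow_only_equivalent(blocked_cidr):
    """ALLOW rules needed to say 'everything except blocked_cidr' under default deny."""
    everything = ipaddress.ip_network("0.0.0.0/0")
    blocked = ipaddress.ip_network(blocked_cidr)
    return [("ALLOW", str(net)) for net in everything.address_exclude(blocked)]

# Constructed sample rule sets: block one subnet, allow all other egress.
BLOCKED = "10.1.2.0/24"
BLOCK_FIRST = [("BLOCK", BLOCKED), ("ALLOW", "0.0.0.0/0")]
ALLOW_FIRST = [("ALLOW", "0.0.0.0/0"), ("BLOCK", BLOCKED)]  # BLOCK is shadowed
ALLOW_ONLY = allow_only_equivalent(BLOCKED)

def shadowed_rules(rules):
    """Return rules that can never match because an earlier rule covers their CIDR."""
    seen, dead = [], []
    for action, cidr in rules:
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(earlier) for earlier in seen):
            dead.append((action, cidr))
        seen.append(net)
    return dead

if __name__ == "__main__":
    for name, rules in (("block first", BLOCK_FIRST), ("allow first", ALLOW_FIRST),
                        ("allow only", ALLOW_ONLY)):
        print(name, len(rules), "rules:",
              evaluate(rules, "10.1.2.7"), evaluate(rules, "192.0.2.10"))
    print("shadowed in allow-first:", shadowed_rules(ALLOW_FIRST))
```
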
