incubator-cloudstack-dev mailing list archives

From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: "Egress Firewall Rules" feature FS
Date Sun, 21 Oct 2012 04:57:43 GMT
Jayapal, Nilesh, these are useful comments.
BLOCK rules can be useful, in which case you would need ordering between
BLOCK and ALLOW rules.
If I were a network engineer used to using Cisco or other firewalls, what
would I expect to see in this regard?

On 10/15/12 1:50 AM, "Jayapal Reddy Uradi" <jayapalreddy.uradi@citrix.com>
wrote:

>Hi Nilesh,
>
>Please find my inline comments.
>
>Thanks,
>Jayapal
>
>From: Nilesh Vishwakarma
>Sent: Thursday, October 11, 2012 6:37 PM
>To: Jayapal Reddy Uradi
>Cc: cloudstack-dev@incubator.apache.org
>Subject: "Egress Firewall Rules" feature FS
>
>Hey,
>
>My review comments on "Egress Firewall Rules" feature FS:
>
>1. Let me know whether we are using CreateFirewall API or NetworkACL to
>implement firewall rule
>-   There is a discussion in community about which API to use. I will
>update the spec once the discussion is closed.
>2. How can I block the communication with particular subnet? As in if I
>want to block communication ONLY with some IP range and allow the rest of
>the communication, would it be possible?
>-It is not possible. There are only rules to ALLOW.
>3. Can we have BLOCK rule which can block communication with specified IP
>range?
>-We can have only ALLOW rules. The egress rules only allow traffic, and the
>remaining traffic is blocked.
>
>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network
>
>-Thanks,
>Nilesh
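
The two models discussed in this thread (ALLOW-only with everything else blocked, versus ordered BLOCK and ALLOW rules), as an added example that is not part of the original messages or of CloudStack's code. It assumes first-match evaluation with an implicit final block, which the thread does not specify; the function names, rule tuples and documentation-range addresses are constructed for illustration.

```python
import ipaddress

def evaluate(rules, dst, default="BLOCK"):
    """Assumed semantics: the first rule whose CIDR contains dst decides;
    traffic matching no rule gets the default action."""
    addr = ipaddress.ip_address(dst)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action
    return default

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule
    already covers their whole CIDR (a sign the ordering is wrong)."""
    nets = [ipaddress.ip_network(cidr) for _, cidr in rules]
    hits = []
    for i, net in enumerate(nets):
        earlier = (p for p in nets[:i] if p.version == net.version)
        if any(net.subnet_of(p) for p in earlier):
            hits.append(i)
    return hits

# Constructed rule sets.
# ALLOW-only model from the thread: listed ranges pass, the rest is blocked.
ALLOW_ONLY = [("ALLOW", "192.0.2.0/24")]
# "Block one range, allow the rest" needs a BLOCK rule placed before the ALLOW.
BLOCK_FIRST = [("BLOCK", "203.0.113.0/24"), ("ALLOW", "0.0.0.0/0")]
# Same two rules in the other order: the BLOCK rule is never reached.
ALLOW_FIRST = list(reversed(BLOCK_FIRST))

if __name__ == "__main__":
    for name, rules in [("ALLOW_ONLY", ALLOW_ONLY),
                        ("BLOCK_FIRST", BLOCK_FIRST),
                        ("ALLOW_FIRST", ALLOW_FIRST)]:
        verdicts = {ip: evaluate(rules, ip)
                    for ip in ("192.0.2.10", "203.0.113.7", "198.51.100.5")}
        print(name, verdicts, "shadowed rules:", shadowed(rules))
```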

