[openstack-dev] Potential change to provide a configurable list of nwfilters

Vishvananda Ishaya vishvananda at gmail.com
Fri Jan 18 17:38:34 UTC 2013


I think this makes sense.

Vish

On Jan 17, 2013, at 8:46 AM, "Bak, Ed (HPCS Fort Collins)" <ed.bak2 at hp.com> wrote:

> Hi,
>  
> We have a need to add additional network filters to the nova-base filter list. For one additional case, we would also like to add an additional filter to specific instances. I would like to propose a change to nova/virt/libvirt/firewall.py. I’m thinking that these custom network filter definitions could be defined in individual files and the use of the filters could be controlled through nova.conf. As a proof of concept, I added some code to NWFilterFirewall:setup_basic_filtering which reads the list of custom filters as defined in nova.conf and sets up the filters depending on the filter definition. Each filter definition requires 3 functions:
>  
> get_filter() would return the XML definition of the nwfilter
> get_filter_name() would return the string name of the filter
> apply_filter(instance) would return True/False if the filter is to be applied to the given instance
>  
> nova.conf would contain something like...
>  
> --custom_nwfilters=nova.virt.libvirt.myfilter1, nova.virt.libvirt.myfilter2
>  
> Is this something that would be of general interest to be checked in to trunk?  Any implementation suggestions or other comments would be welcome.
>  
> Ed

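The three-function interface proposed in the quoted message, sketched as an added example (not code from the original thread or from nova). The loader names, the `sample_no_smtp` module, the dict-shaped instance and its `block_smtp` metadata key are all assumptions made for illustration.

```python
import importlib
import sys
import types
import xml.etree.ElementTree as ET

REQUIRED = ("get_filter", "get_filter_name", "apply_filter")

def parse_filter_list(value):
    """Split the comma-separated nova.conf value, tolerating spaces."""
    return [name.strip() for name in value.split(",") if name.strip()]

def load_filters(value):
    """Import each listed module and check it offers the three functions."""
    modules = []
    for path in parse_filter_list(value):
        mod = importlib.import_module(path)
        missing = [f for f in REQUIRED if not callable(getattr(mod, f, None))]
        if missing:
            raise ValueError("%s lacks %s" % (path, ", ".join(missing)))
        # The name in the XML must match what the module reports, otherwise
        # a later <filterref> would point at a different filter.
        if ET.fromstring(mod.get_filter()).get("name") != mod.get_filter_name():
            raise ValueError("%s: XML name differs from get_filter_name()" % path)
        modules.append(mod)
    return modules

def filters_for_instance(modules, instance):
    """Names of the custom filters that opt in for this instance."""
    return [m.get_filter_name() for m in modules if m.apply_filter(instance)]

# --- Constructed sample: a hypothetical filter module registered in-process ---
def _make_sample_module():
    mod = types.ModuleType("sample_no_smtp")  # hypothetical module name
    mod.get_filter_name = lambda: "sample-no-smtp"
    mod.get_filter = lambda: (
        "<filter name='sample-no-smtp' chain='root'>"
        "<rule action='drop' direction='out' priority='500'>"
        "<tcp dstportstart='25' dstportend='25'/></rule></filter>")
    # Apply only to instances carrying a (constructed) metadata flag.
    mod.apply_filter = lambda inst: (
        inst.get("metadata", {}).get("block_smtp") == "true")
    sys.modules[mod.__name__] = mod
    return mod

_make_sample_module()
```

Because every dotted path in the option is imported and executed inside the compute service, write access to nova.conf and to the listed module files needs the same protection as the service's own code.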