[openstack-dev] Potential change to provide a configurable list of nwfilters

Stephen Gran stephen.gran at guardian.co.uk
Sat Jan 19 09:24:30 UTC 2013


On Thu, 2013-01-17 at 16:46 +0000, Bak, Ed (HPCS Fort Collins) wrote:
> Hi,
> We have a need to add additional network filters to the nova-base
> filter list.  For one additional case, we would also like to add an
> additional filter to specific instances.  I would like to propose a
> change to nova/virt/libvirt/firewall.py.  I’m thinking that these
> custom network filter definitions could be defined in individual files
> and the use of the filters could be controlled through nova.conf.  As
> a proof a concept,  I added some code to
> NWFilterFirewall:setup_basic_filtering which reads the list of custom
> filters as defined in nova.conf and sets up the filters depending on
> the filter definition.  Each filter definition requires 3 functions:  

I've run into a similar situation in the past, but only for one instance
or image.  I'd prefer if this could somehow be implemented as a property
of the image/instance/something, rather than as a global setting in a
config file.  It looks like your apply_filter returning False does
something like this?  I'm probably pre-coffee, but it wasn't clear to

Stephen Gran
Senior Systems Integrator - guardian.co.uk

Please consider the environment before printing this email.
Visit guardian.co.uk - website of the year
www.guardian.co.uk    www.observer.co.uk     www.guardiannews.com 
On your mobile, visit m.guardian.co.uk or download the Guardian
iPhone app www.guardian.co.uk/iphone and iPad edition www.guardian.co.uk/iPad 
Save up to 37% by subscribing to the Guardian and Observer - choose the papers you want and get full digital access. 
Visit guardian.co.uk/subscribe
This e-mail and all attachments are confidential and may also
be privileged. If you are not the named recipient, please notify
the sender and delete the e-mail and all attachments immediately.
Do not disclose the contents to another person. You may not use
the information for any purpose, or store, or copy, it in any way.
Guardian News & Media Limited is not liable for any computer
viruses or other material transmitted with or as part of this
e-mail. You should employ virus checking software.
Guardian News & Media Limited
A member of Guardian Media Group plc
Registered Office
PO Box 68164
Kings Place
90 York Way
Registered in England Number 908396

More information about the OpenStack-dev mailing list