[openstack-dev] [quantum] Security groups egress default behaviour

Tomoe Sugihara tomoe at midokura.com
Fri Mar 1 11:27:19 UTC 2013


Hi,

On Wed, Feb 27, 2013 at 3:23 PM, Akihiro MOTOKI <motoki at da.jp.nec.com>wrote:

> Hi,
>
> It is worth discussed at this timing since it becomes difficult to change
> security groups models and default rules once Grizzly Quantum is shipped.
>
> Personally I prefer to symmetric models and semantics both for ingress and
> egress.
> It helps users understand the behaivor of security groups easily.
> (Honestly I was a little confused at first.)
>
> It looks reasonable to me that all egress traffic is dropped if there is
> truly no rules and the ALL ALLOW rule will be created automatically to
> egress rule when any security group is created. From users view there is
> no default behavior change.
>

I have just uploaded my draft change to add explicit rules:
https://review.openstack.org/#/c/23264/

I'd appreciate any feedback.

Thanks,
Tomoe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130301/4787c763/attachment.html>


More information about the OpenStack-dev mailing list