[openstack-dev] [quantum] Security groups egress default behaviour

Dan Wendlandt dan at nicira.com
Sun Mar 3 19:28:28 UTC 2013


I think you need to change the permissions on that review, as I cannot see
it.

also, please file a bug on this and i'll target it to RC1, as we need to
make sure we make a decision on this before grizzly.

dan

On Fri, Mar 1, 2013 at 3:27 AM, Tomoe Sugihara <tomoe at midokura.com> wrote:

> Hi,
>
> On Wed, Feb 27, 2013 at 3:23 PM, Akihiro MOTOKI <motoki at da.jp.nec.com>wrote:
>
>> Hi,
>>
>> It is worth discussed at this timing since it becomes difficult to change
>> security groups models and default rules once Grizzly Quantum is shipped.
>>
>> Personally I prefer to symmetric models and semantics both for ingress
>> and egress.
>> It helps users understand the behaivor of security groups easily.
>> (Honestly I was a little confused at first.)
>>
>> It looks reasonable to me that all egress traffic is dropped if there is
>> truly no rules and the ALL ALLOW rule will be created automatically to
>> egress rule when any security group is created. From users view there is
>> no default behavior change.
>>
>
> I have just uploaded my draft change to add explicit rules:
> https://review.openstack.org/#/c/23264/
>
> I'd appreciate any feedback.
>
> Thanks,
> Tomoe
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130303/18e567fc/attachment.html>


More information about the OpenStack-dev mailing list