Are there any blueprints or discussion around logging the actions of iptables rules that are generated from security groups? Typically a firewall produces copious logs. As far as I can tell, Neutron security groups permit or deny traffic but don't provide any record at all of what happened. Obviously iptables itself supports logging, but I haven't seen anything in https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py that looks like it adds logging rules. I'd be curious to know if this is just a case of no one having added it yet, or if there was any explicit decision to NOT support logging (either as a provider enforced standard, or as a tenant configurable per-rule setting.)