This was an intentional decision. One of the goals of OpenStack is to provide consistency across different clouds and configurable defaults for new tenants default rules hurts consistency. If I write a script to boot up a workload on one OpenStack cloud that allows everything by default and it doesn't work on another cloud that doesn't allow everything by default, that leads to a pretty bad user experience. I would now need logic to scan all of the existing security group rules and do a diff between what I want and what is there and have logic to resolve the difference. It's a backwards-incompatible change so we'll probably be stuck with the current behavior.

On Fri, Jun 9, 2017 at 2:27 AM, Ahmed Mostafa <ahmedmostafadev at gmail.com> wrote:

> I believe that there are no features implemented in neutron that allow
> changing the rules for the default security group.
>
> I am also interested in seeing such a feature implemented.
>
> I see only this blueprint :
>
> https://blueprints.launchpad.net/neutron/+spec/default-rules-for-default-security-group
>
> But no work has been done on it so far.
>
> On Fri, Jun 9, 2017 at 9:16 AM, Paul Schlacter <wlfightup at gmail.com> wrote:
>
>> I see the neutron code, which added the default rules to write very
>> rigid, only for ipv4 ipv6 plus two rules. What if I want to customize the
>> default rules?
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
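The scan-and-diff logic the reply describes, sketched as an added example that is not part of any message in this thread and is not Neutron's own code. Field names follow the Neutron security group rule resource; the rule lists, rule ids and the `SG-PLACEHOLDER` group id are constructed sample data, and the `normalize` and `diff_rules` helpers are hypothetical names.

```python
import ipaddress

# Fields that identify a rule; ids and timestamps are ignored for comparison.
KEY_FIELDS = ("direction", "ethertype", "protocol", "port_range_min",
              "port_range_max", "remote_ip_prefix", "remote_group_id")
ANY_PREFIX = {"IPv4": "0.0.0.0/0", "IPv6": "::/0"}


def normalize(rule):
    """Return a hashable key so that equivalent rules compare equal."""
    r = {f: rule.get(f) for f in KEY_FIELDS}
    if r["protocol"] is not None:
        r["protocol"] = str(r["protocol"]).lower()
    if r["remote_ip_prefix"] is not None:
        prefix = str(ipaddress.ip_network(r["remote_ip_prefix"], strict=False))
        # An explicit "any" prefix matches the same traffic as no prefix.
        r["remote_ip_prefix"] = None if prefix == ANY_PREFIX.get(r["ethertype"]) else prefix
    return tuple(r[f] for f in KEY_FIELDS)


def diff_rules(existing, desired):
    """Return (to_add, to_remove) needed to turn `existing` into `desired`."""
    have = {normalize(r): r for r in existing}
    want = {normalize(r): r for r in desired}
    to_add = [want[k] for k in want if k not in have]
    to_remove = [have[k] for k in have if k not in want]
    return to_add, to_remove


# Constructed sample: four rules modelled on a default group (ids are placeholders).
EXISTING = [
    {"id": "r1", "direction": "egress", "ethertype": "IPv4", "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "r2", "direction": "egress", "ethertype": "IPv6"},
    {"id": "r3", "direction": "ingress", "ethertype": "IPv4", "remote_group_id": "SG-PLACEHOLDER"},
    {"id": "r4", "direction": "ingress", "ethertype": "IPv6", "remote_group_id": "SG-PLACEHOLDER"},
]
# Constructed sample: what the workload actually wants.
DESIRED = [
    {"direction": "egress", "ethertype": "IPv4"},
    {"direction": "egress", "ethertype": "IPv6"},
    {"direction": "ingress", "ethertype": "IPv4", "protocol": "TCP",
     "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "203.0.113.0/24"},
]

if __name__ == "__main__":
    add, remove = diff_rules(EXISTING, DESIRED)
    print("add:", add)
    print("remove:", [r["id"] for r in remove])
```

Comparing on normalized keys rather than raw dictionaries keeps an explicit `0.0.0.0/0` from being reported as drift against a rule with no prefix.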