<div dir="ltr"><div class="gmail_default" style="font-family:georgia,serif">1. As far as I know, the default sg would be populated by plugin - e.g. ovs, ml2 - with _ensure_default_security_group, which allow egress to all destination and ingress originated from the same sg only.</div>
<div class="gmail_default" style="font-family:georgia,serif"><br></div><div class="gmail_default" style="font-family:georgia,serif">2. The default rules in default sg cannot be changed.</div><div class="gmail_default" style="font-family:georgia,serif">
<br></div><div class="gmail_default" style="font-family:georgia,serif">hope it helps,</div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><i style="font-family:georgia,serif;background-color:rgb(255,255,255);color:rgb(192,192,192)">Best Regards,<br>
Xiaolin Zhang</i></div></div>
<br><br><div class="gmail_quote">On Thu, Mar 20, 2014 at 5:51 PM, Ruzicka, Marek <span dir="ltr"><<a href="mailto:marek.ruzicka@t-systems.sk" target="_blank">marek.ruzicka@t-systems.sk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I second that question…<u></u><u></u></span></p><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">We have a registration system that is creating users/tenants/etc and also taking care of these security groups (deleting defaults, creating custom ones). <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">If it was possible to configure default sec groups, it would be one less thing to deal with.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Marek<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Nick Maslov [mailto:<a href="mailto:azpekt@gmail.com" target="_blank">azpekt@gmail.com</a>] <br>
<b>Sent:</b> 20. marca 2014 10:32<br><b>To:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br><b>Cc:</b> Maxim Bashkirov<br><b>Subject:</b> [Openstack] neutron default security groups<u></u><u></u></span></p>
</div></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">Hi,<u></u><u></u></span></p></div>
<div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">Whenever I create new tenant, it creates an security group for this tenant. Rules are always the same - no ingress traffic allowed at all.<u></u><u></u></span></p>
</div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">Is there a way to create security group, that will have all traffic allowed and will be used for each and every new tenant?<u></u><u></u></span></p>
</div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">Thanks,<u></u><u></u></span></p>
</div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">NM<u></u><u></u></span></p></div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif""><u></u> <u></u></span></p>
<div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Helvetica","sans-serif"">-- <br>Nick Maslov<br>Sent with Airmail<u></u><u></u></span></p></div></div></div></div></div><br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>