Hi Ian

Quantum sets up a default security group.
The default security group is 'default'.
It will allow all egress packets and allow intercommunication between VMs.
https://github.com/openstack/quantum/blob/master/quantum/db/securitygroups_db.py#L137
(Sorry, we do not have enough documentation for the security group stuff.)

In addition to the default security group rule, we can add custom security groups and rules via the API.
https://github.com/openstack/quantum/blob/master/quantum/extensions/securitygroup.py#L158

Based on the server-side security model, firewall.py will set up the actual filtering.

PS. I uploaded an iptables implementation. This source code may answer your question.
https://github.com/nttmcl/quantum/blob/quantum-security-groups-iptables/quantum/agent/linux/iptables_firewall.py

2012/11/7 Ian Wells <ijw.ubuntu at cack.org.uk>:
> Hey Nachi,
>
> 2. Interface of firewall.py
> This is my proposal of firewall.py
> firewall.py https://github.com/nttmcl/quantum/commit/4987b0ade5e130a38a397c40a81a9ddcfee1bf7a
>
> That's fine, but it's an interface - what firewall rules are you going
> to apply, precisely? This is quite important, I'm not convinced that
> the current firewalling always applies the same things and I'm sure it
> implicitly applies rules that the security groups themselves don't
> specify. I don't want to go down that same path again, which means
> documenting the operation is important, perhaps more important than
> coding it.
>
> --
> Ian.
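The default-group behaviour described in this thread, written out as an explicit decision procedure. This is an added example, not part of the original messages and not Quantum's code: `Rule`, `allowed` and `explain` are hypothetical names, the addresses are constructed, and dropping traffic that matches no rule is an assumption the thread does not state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                      # "ingress" or "egress"
    remote_group: Optional[str] = None  # peer must be a member of this group
    remote_cidr: Optional[str] = None   # or peer address must fall in this CIDR
    protocol: Optional[str] = None      # None matches any protocol
    port: Optional[int] = None          # None matches any port

# Constructed model of the 'default' group as the message describes it.
DEFAULT_RULES = [
    Rule("egress"),                           # allow all egress
    Rule("ingress", remote_group="default"),  # members may talk to each other
]

def allowed(rules, direction, peer_ip, peer_groups, protocol, port):
    """True if any rule matches; no match means drop (assumed default-deny)."""
    for r in rules:
        if r.direction != direction:
            continue
        if r.protocol is not None and r.protocol != protocol:
            continue
        if r.port is not None and r.port != port:
            continue
        if r.remote_group is not None and r.remote_group not in peer_groups:
            continue
        if r.remote_cidr is not None and \
                ip_address(peer_ip) not in ip_network(r.remote_cidr):
            continue
        return True
    return False

def explain(rules):
    """Write out the effective policy, including the implicit final drops."""
    lines = []
    for r in rules:
        peer = r.remote_group or r.remote_cidr or "any"
        lines.append(f"{r.direction} allow proto={r.protocol or 'any'} "
                     f"port={r.port or 'any'} peer={peer}")
    return lines + ["ingress drop (implicit)", "egress drop (implicit)"]

if __name__ == "__main__":
    print("\n".join(explain(DEFAULT_RULES)))
```

Listing the implicit drops alongside the configured rules is the kind of documented behaviour the quoted question asks for.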