[openstack-dev] [quantum] Security groups egress default behaviour
Tomoe Sugihara
tomoe at midokura.com
Mon Mar 4 03:01:20 UTC 2013
On Mon, Mar 4, 2013 at 4:28 AM, Dan Wendlandt <dan at nicira.com> wrote:
> I think you need to change the permissions on that review, as I cannot see
> it.
Sorry, I just have published the change.
I tried the draft option (git review -D), but i shouldn't have done it.
>
> also, please file a bug on this and i'll target it to RC1, as we need to
> make sure we make a decision on this before grizzly.
>
Filed:
https://bugs.launchpad.net/quantum/+bug/1143283
Thanks,
Tomoe
> dan
>
> On Fri, Mar 1, 2013 at 3:27 AM, Tomoe Sugihara <tomoe at midokura.com> wrote:
>
>> Hi,
>>
>> On Wed, Feb 27, 2013 at 3:23 PM, Akihiro MOTOKI <motoki at da.jp.nec.com>wrote:
>>
>>> Hi,
>>>
>>> It is worth discussed at this timing since it becomes difficult to change
>>> security groups models and default rules once Grizzly Quantum is shipped.
>>>
>>> Personally I prefer to symmetric models and semantics both for ingress
>>> and egress.
>>> It helps users understand the behaivor of security groups easily.
>>> (Honestly I was a little confused at first.)
>>>
>>> It looks reasonable to me that all egress traffic is dropped if there is
>>> truly no rules and the ALL ALLOW rule will be created automatically to
>>> egress rule when any security group is created. From users view there is
>>> no default behavior change.
>>>
>>
>> I have just uploaded my draft change to add explicit rules:
>> https://review.openstack.org/#/c/23264/
>>
>> I'd appreciate any feedback.
>>
>> Thanks,
>> Tomoe
>>
>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Dan Wendlandt
> Nicira, Inc: www.nicira.com
> twitter: danwendlandt
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130304/567b48a8/attachment.html>
More information about the OpenStack-dev
mailing list