[openstack-dev] [Neutron] the question of security group rule

shihanzhang ayshihanzhang at 126.com
Tue Apr 8 07:40:19 UTC 2014


Howdy Stackers!


There is a security group problem that has been bothering me, but I do not know whether it is appropriate to ask about it here! A security group rule is converted to iptables rules on the compute node, but one iptables rule, '-m state --state RELATED,ESTABLISHED -j RETURN', confuses me. According to my understanding, this rule is to improve the performance of the security group by filtering the first packet. Are there other reasons?
I have a use case: create a security group with a few security group rules, then gradually increase the number of security group rules based on business. If a VM in this security group also has a connection, the new rules will not take effect. How could I deal with such scenarios?