[openstack-dev] [Neutron] the question of security group rule
shihanzhang
ayshihanzhang at 126.com
Tue Apr 8 07:40:19 UTC 2014
Howdy Stackers!
There is a security group problem has been bothering me, but I do not know whether is appropriate to consult in there! For a security group rule, it will convert to iptable rules in compute node, but a iptable rule '-m state --state RELATED,ESTABLISHED -j RETURN' confuse me, according to my understanding this rule is to improve the performance of the security group by filteing the first package, there are other reasons?
I hava a use-case: create a securiy group with few securiy group rule, then gradually increase the amount of security group rules based on business, if a VM in this security group also have connection, the new rules will not take effect, how could I deal with such scenarios?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140408/71407990/attachment.html>
More information about the OpenStack-dev
mailing list