[openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis Applicability to the OpenStack Project

Mike Grima mike.r.grima at gmail.com
Thu May 22 22:54:38 UTC 2014


Hello,

Just to make sure I understand:

1.) I’m assuming that you can dilettante which policies apply to specific VM’s within a group (Is this correct?).  With regards to DENY permissions, they are handled specially.  In such a case, all other VM’s are provided with ALLOW permissions for that rule, while the destined VM for the DENY policy is provided with a DENY.
— Would you necessarily want to automatically provide all other VM’s with an ALLOW privilege?  Not all VM’s in that group may need access to that port...

2.) Group Policy does support a Hierarchy. (Is this correct?)

3.) On a separate note: Is the Group Policy feature exposed via a RESTful API akin to FWaaS?

Thank you,

Mike Grima, RHCE


On May 22, 2014, at 2:08 AM, A, Keshava <keshava.a at hp.com> wrote:

> Hi,
> 
> 1. When the group policy is applied ( across to all the VMs ) say deny for specific TCP port = 80, however because some special reason one of that VM needs to 'ALLOW TCP port' how to handle this ?  
> When deny is applied to any one of VM in that group , 	this framework  takes care of 
> 		individually breaking that and apply ALLOW for other VM  automatically ?
> 		and apply Deny for that specific VM ? 
> 
> 2. Can there be 'Hierarchy of Group Policy " ? 
> 
> 
> 
> Thanks & regards,
> Keshava.A
> 
> -----Original Message-----
> From: Michael Grima [mailto:mike.r.grima at gmail.com] 
> Sent: Wednesday, May 21, 2014 5:00 PM
> To: openstack-dev at lists.openstack.org
> Subject: Re: [openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis Applicability to the OpenStack Project
> 
> Sumit,
> 
> Unfortunately, I missed the IRC meeting on FWaaS (got the timezones screwed up...).
> 
> However, in the meantime, please review this section of my thesis on the OpenStack project:
> https://docs.google.com/document/d/1DGhgtTY4FxYxOqhKvMSV20cIw5WWR-gXbaBoMMMA-f0/edit?usp=sharing
> 
> Please let me know if it is missing anything, or contains any wrong information.  Also, if you have some time, please review the questions I have asked in the previous messages.
> 
> Thank you,
> 
> --
> Mike Grima, RHCE
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




More information about the OpenStack-dev mailing list