[openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis Applicability to the OpenStack Project

A, Keshava keshava.a at hp.com
Fri May 23 07:11:00 UTC 2014 

Hi,
Please find reply in line ..

Thanks & regards,
Keshava.A

-----Original Message-----
From: Mike Grima [mailto:mike.r.grima at gmail.com] 
Sent: Thursday, May 22, 2014 3:55 PM
To: A, Keshava
Cc: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis Applicability to the OpenStack Project

Hello,

Just to make sure I understand:

1.) I'm assuming that you can dilettante which policies apply to specific VM's within a group (Is this correct?).  With regards to DENY permissions, they are handled specially.  In such a case, all other VM's are provided with ALLOW permissions for that rule, while the destined VM for the DENY policy is provided with a DENY.
- Would you necessarily want to automatically provide all other VM's with an ALLOW privilege?  Not all VM's in that group may need access to that port...

Keshava: Yes that's correct 

2.) Group Policy does support a Hierarchy. (Is this correct?)

Keshava: Yes that's correct 

3.) On a separate note: Is the Group Policy feature exposed via a RESTful API akin to FWaaS?

Thank you,

Mike Grima, RHCE


On May 22, 2014, at 2:08 AM, A, Keshava <keshava.a at hp.com> wrote:

> Hi,
> 
> 1. When the group policy is applied ( across to all the VMs ) say deny for specific TCP port = 80, however because some special reason one of that VM needs to 'ALLOW TCP port' how to handle this ?  
> When deny is applied to any one of VM in that group , 	this framework  takes care of 
> 		individually breaking that and apply ALLOW for other VM  automatically ?
> 		and apply Deny for that specific VM ? 
> 
> 2. Can there be 'Hierarchy of Group Policy " ? 
> 
> 
> 
> Thanks & regards,
> Keshava.A
> 
> -----Original Message-----
> From: Michael Grima [mailto:mike.r.grima at gmail.com] 
> Sent: Wednesday, May 21, 2014 5:00 PM
> To: openstack-dev at lists.openstack.org
> Subject: Re: [openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis Applicability to the OpenStack Project
> 
> Sumit,
> 
> Unfortunately, I missed the IRC meeting on FWaaS (got the timezones screwed up...).
> 
> However, in the meantime, please review this section of my thesis on the OpenStack project:
> https://docs.google.com/document/d/1DGhgtTY4FxYxOqhKvMSV20cIw5WWR-gXbaBoMMMA-f0/edit?usp=sharing
> 
> Please let me know if it is missing anything, or contains any wrong information.  Also, if you have some time, please review the questions I have asked in the previous messages.
> 
> Thank you,
> 
> --
> Mike Grima, RHCE
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list