[openstack-dev] [nova][neutron] default allow security group

Monty Taylor mordred at inaugust.com
Fri Sep 5 15:27:52 UTC 2014


Hi!

I've decided that as I have problems with OpenStack while using it in 
the service of Infra, I'm going to just start spamming the list.

Please make something like this:

neutron security-group-create default --allow-every-damn-thing

Right now, to make security groups get the hell out of our way because 
they do not provide us any value because we manage our own iptables, it 
takes adding something like 20 rules.

15:24:05          clarkb | one each for ingress and egress udp tcp over 
ipv4 then ipv6 and finaly icmp

That may be great for someone using my-first-server-pony, but for me, I 
know how the internet works, and when I ask for a server, I want it to 
just work.

Now, I know, I know - the DEPLOYER can make decisions blah blah blah.

BS

If OpenStack is going to let my deployer make the absolutely assinine 
decision that all of my network traffic should be blocked by default, it 
should give me, the USER, a get out of jail free card.

kthxbai



More information about the OpenStack-dev mailing list