[openstack-dev] [nova][neutron] default allow security group
Miguel Angel Ajo Pelayo
mangelajo at redhat.com
Fri Sep 5 15:49:48 UTC 2014
I believe your request matches this, and I agree
it'd be something good
https://blueprints.launchpad.net/neutron/+spec/default-rules-for-default-security-group
And also, the fact that we have hardcoded default
security group settings. It would be good to have
a system wide default security group settings.
https://github.com/openstack/neutron/blob/master/neutron/db/securitygroups_db.py#L122
----- Original Message -----
> Hi!
>
> I've decided that as I have problems with OpenStack while using it in
> the service of Infra, I'm going to just start spamming the list.
>
> Please make something like this:
>
> neutron security-group-create default --allow-every-damn-thing
>
> Right now, to make security groups get the hell out of our way because
> they do not provide us any value because we manage our own iptables, it
> takes adding something like 20 rules.
>
> 15:24:05 clarkb | one each for ingress and egress udp tcp over
> ipv4 then ipv6 and finaly icmp
>
> That may be great for someone using my-first-server-pony, but for me, I
> know how the internet works, and when I ask for a server, I want it to
> just work.
>
> Now, I know, I know - the DEPLOYER can make decisions blah blah blah.
>
> BS
>
> If OpenStack is going to let my deployer make the absolutely assinine
> decision that all of my network traffic should be blocked by default, it
> should give me, the USER, a get out of jail free card.
>
> kthxbai
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list