[Openstack] Security Groups Documentations - need some clarifications

Rami Vaknin rvaknin at redhat.com
Wed Jun 19 06:36:41 UTC 2013


Hi,

I read the security groups documentation from the admin guide. I have a
few things that I'm not sure I fully understand; any clarification would
be appreciated:


i. 
http://docs.openstack.org/trunk/openstack-network/admin/content/securitygroups.html

"If a security group is not specified the port will be associated with a 
'default' security group. By default this group will drop all ingress 
traffic and allow all egress. Rules can be added to this group in order 
to change the behaviour"

The default behaviour is to allow all egress traffic. How do I make
constraints on this traffic? It seems to me that the rules are a kind of
whitelist. How, for instance, can I disallow egress TCP traffic?

-----------

ii. 
http://docs.openstack.org/trunk/openstack-network/admin/content/securitygroups.html

"When a port is created in OpenStack Networking it is associated with a 
security group. If a security group is not specified the port will be 
associated with a 'default' security group"

I'm adding a rule without denoting the security group and I get "quantum
security-group-rule-create: error: too few arguments". When I add
"default" to the exact same command, it works. Is this a bug or am I
missing something?

----------

iii. 
http://docs.openstack.org/trunk/openstack-network/admin/content/securitygroup_api_abstractions.html

I see that there are default values for the security group attributes;
however, it's hard to derive what these default values mean. For
instance, "remote_ip_prefix" is the whitelist of the traffic source
IP(s). What if I add a rule without denoting this "remote_ip_prefix":
does it mean that the traffic is allowed from any source IP(s)?

-- 

Thanks,

Rami Vaknin.




