← Back to team overview

openstack team mailing list archive

Re: disable security group in essex

 

@Kevin I am using nova vlan manager , adding rule for every vlan would be
then one more task todo.

This is first scenerio

In my case i am using nova-network with vlan manager , so i would like to
use my
own router instead of the bridge that openstack creates, even i have
implemented inter-vlan routing , i want some vlans to commmunicate to a
single vlan, but not those vlans with each other.

Second  Scenerio

If i use a external router , and implemented inter-vlan routing , still my
vlans communication is blocked by nova security group thats why i need to
disable security group.

@Kiall , i think this flag would work i once used in for quantum,i would
try this.

On Wed, Nov 21, 2012 at 7:44 PM, Kevin Jackson <kevin@xxxxxxxxxxxxxxxxxxx>wrote:

> Hi Ritesh,
> You will need to have enabled some rules - even if you provide rules that
> give carte blanch access to your instances. This is courtesy of the
> 'default' security group - that by design prevents any access and by
> design, is a default if you don't specify any security groups when
> launching instances.
>
> Whilst its easy to say you shouldn't do what you're intending to do and
> relying on perimeter security alone, that is not what you're asking and I'm
> all for choice and learning.
>
> So in your instance:
>
> nova secgroup-add-rule default tcp 0 65536 0.0.0.0/0
> nova secgroup-add-rule default udp 0 65536 0.0.0.0/0
> nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
>
> Note this is the netsec equivalent of doing chmod 777 on a file.
>
> To actually delete groups though
>
> nova secgroup-delete nameOfGroup
>
> Regards,
> Kev
>
>
>  On 21 November 2012 13:45, Ritesh Nanda <riteshnanda09@xxxxxxxxx> wrote:
>
>>  Hello,
>>
>> Is there anyway we can disable security group in nova, as i would be
>> using an external firewall to do that.
>>
>> --
>>
>> * With Regards
>> *
>>
>> * Ritesh Nanda
>> *
>>
>> ***
>> *
>> <http://www.ericsson.com/>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Kevin Jackson
> @itarchitectkev
>



-- 

* With Regards
*

* Ritesh Nanda
*

***
*
<http://www.ericsson.com/>

References