
openstack team mailing list archive

Security Groups Documentations - need some clarifications

 

Hi,

I read the security groups documentation in the admin guide. I have a few things that I'm not sure I fully understand; any clarification would be appreciated:


i. http://docs.openstack.org/trunk/openstack-network/admin/content/securitygroups.html

"If a security group is not specified the port will be associated with a 'default' security group. By default this group will drop all ingress traffic and allow all egress. Rules can be added to this group in order to change the behaviour"

The default behaviour is to allow all egress traffic; how do I put constraints on this traffic? It seems to me that the rules are a kind of whitelist. How, for instance, can I disallow egress TCP traffic?

-----------

ii. http://docs.openstack.org/trunk/openstack-network/admin/content/securitygroups.html

"When a port is created in OpenStack Networking it is associated with a security group. If a security group is not specified the port will be associated with a 'default' security group"

I'm adding a rule without denoting the security group and I get "quantum security-group-rule-create: error: too few arguments". When I add "default" to the exact same command, it works. Is this a bug or am I missing something?

----------

iii. http://docs.openstack.org/trunk/openstack-network/admin/content/securitygroup_api_abstractions.html

I see that there are default values for the security group attributes; however, it's hard to derive what these default values mean. For instance, "remote_ip_prefix" is the whitelist of the traffic source IP(s). What if I add a rule without denoting this "remote_ip_prefix": does it mean that the traffic is allowed from any source IP(s)?

--

Thanks,

Rami Vaknin.


