sws team mailing list archive

Thread
Date

Re: [Blueprint egress-traffic-filtering] Implement egress traffic filtering from OpenStack to Interanet

To: 文剑 <wenjianhn@xxxxxxxxx>
From: Vishvananda Ishaya <vishvananda@xxxxxxxxx>
Date: Thu, 10 May 2012 10:10:09 -0700
Cc: sws@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAMXzGWKWkdX3q=XStHYeZpPR8w7t-RwmDi2Xds_9UQ=aJ1HmYg@mail.gmail.com>

I don't think it is within the scope of nova to add more advanced filtering rules like this. I would suggest investigating if this could be added to quantum.  The security group enforcement will be moving to quantum anyway.

Vish

On May 9, 2012, at 10:37 PM, 文剑 wrote:

> Accordding to git commit 654350a1cf93e8ecf8d38f07802e0c3ed7039562, 
> provider firewall adds a way to create global firewall blocks that 
> apply to all instances. What we need are per-project and per-instance 
> firewall rules instead of global firewall rules, so provider firewall is  
> insufficient.
> 
> 2012/5/1 Vish Ishaya <vishvananda@xxxxxxxxx>
> Blueprint changed by Vish Ishaya:
> 
> Whiteboard set to:
> there is something called provider firewall rules that filters outgoing
> traffic from the vms.  Please let me know if that is sufficient, or you
> need more functionality.  --Vish
> 
> --
> Implement egress traffic filtering from OpenStack to Interanet
> https://blueprints.launchpad.net/nova/+spec/egress-traffic-filtering
> 
> --
> Mailing list: https://launchpad.net/~sws
> Post to     : sws@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~sws
> More help   : https://help.launchpad.net/ListHelp
> 
> 
> 
> -- 
> Best,
> 
> 文剑

References

[Blueprint egress-traffic-filtering] Implement egress traffic filtering from OpenStack to Interanet
From: Vish Ishaya, 2012-05-01
Re: [Blueprint egress-traffic-filtering] Implement egress traffic filtering from OpenStack to Interanet
From: 文剑, 2012-05-10