yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #52262
[Bug 1592000] [NEW] [RFE] Admin customized default security-group
Public bug reported:
Allow the admin to decide which rules should be added (by default) to
the tenant default security-group once created.
At the moment, each tenant default security-group is created with specific set of rules: allow all egress and allow ingress from default sg.
However, this is not the desired behavior for all deployments, as some would want to practice a “zero trust” model where all traffic is blocked unless explicitly decided otherwise, or on the other hand, allow all inbound+outbound traffic.
It’s worth nothing that at some use cases the default behavior can be expressed with very specific sets of rules, which only the admin has the knowledge to define (e.g- allow connection to active directory endpoints), in such cases the impact on usability is even worse, as it requires the admin to create rules on every tenant default security-group.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1592000
Title:
[RFE] Admin customized default security-group
Status in neutron:
New
Bug description:
Allow the admin to decide which rules should be added (by default) to
the tenant default security-group once created.
At the moment, each tenant default security-group is created with specific set of rules: allow all egress and allow ingress from default sg.
However, this is not the desired behavior for all deployments, as some would want to practice a “zero trust” model where all traffic is blocked unless explicitly decided otherwise, or on the other hand, allow all inbound+outbound traffic.
It’s worth nothing that at some use cases the default behavior can be expressed with very specific sets of rules, which only the admin has the knowledge to define (e.g- allow connection to active directory endpoints), in such cases the impact on usability is even worse, as it requires the admin to create rules on every tenant default security-group.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1592000/+subscriptions
Follow ups