yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1592000] Re: [RFE] Admin customized default security-group

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1592000@xxxxxxxxxxxxxxxxxx>
Date: Tue, 21 Mar 2017 04:18:09 -0000
Reply-to: Bug 1592000 <1592000@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1592000

Title:
  [RFE] Admin customized default security-group

Status in neutron:
  Expired

Bug description:
  Allow the admin to decide which rules should be added (by default) to
  the tenant default security-group once created.

  At the moment, each tenant default security-group is created with specific set of rules: allow all egress and allow ingress from default sg.
  However, this is not the desired behavior for all deployments, as some would want to practice a “zero trust” model where all traffic is blocked unless explicitly decided otherwise, or on the other hand, allow all inbound+outbound traffic.
  It’s worth nothing that at some use cases the default behavior can be expressed with very specific sets of rules, which only the admin has the knowledge to define (e.g- allow connection to active directory endpoints), in such cases the impact on usability is even worse, as it requires the admin to create rules on every tenant default security-group.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1592000/+subscriptions

References

[Bug 1592000] [NEW] [RFE] Admin customized default security-group
From: Roey Chen, 2016-06-13