Chiradeep,
Network engineers would expect to see ALLOW and BLOCK rule
flexibility, but in most cases a default DENY ALL rule is the last
rule in a set (with only ALLOW rules above it). In my experience,
it's usually only the more complex FW policies that use BLOCK
statements to selectively undo
Jayapal, Nilesh, these are useful comments.
BLOCK rules can be useful, in which case you would need ordering between
BLOCK and ALLOW rules.
If I were a network engineer used to using Cisco or other firewalls, what
would I expect to see in this regard?
On 10/15/12 1:50 AM, Jayapal Reddy Uradi
Hi Nilesh,
Please fine my inline comments.
Thanks,
Jayapal
From: Nilesh Vishwakarma
Sent: Thursday, October 11, 2012 6:37 PM
To: Jayapal Reddy Uradi
Cc: cloudstack-dev@incubator.apache.org
Subject: Egress Firewall Rules feature FS
Hey,
My review comments on Egress Firewall Rules feature FS: