On 10/09/2012 11:14 AM, Jayapal Reddy Uradi wrote:
The egress firewall rules feature will configure the egress rules for guest
network on VR/External firewall to ALLOW specified traffic to outside and
BLOCK the remaining traffic.
By default all the traffic is ALLOWED to public network. When you specify an
egress rule, only that rule specific traffic is allowed.
I have created a functional spec here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network
Please review and provide your comments.
Seems great! But why assume that we will block everything when one
rule is set?
What if somebody wants to block specific traffic and allow the rest?
Let's say you don't want to allow IRC traffic, but do allow everything else?
Should there be a policy setting: ALLOW/DENY?
Wido
Thanks,
Jayapal