On 09/10/12 8:40 PM, "David Nalley" <da...@gnsa.us> wrote:

>On Tue, Oct 9, 2012 at 5:14 AM, Jayapal Reddy Uradi
><jayapalreddy.ur...@citrix.com> wrote:
>> The egress firewall rules feature  will configure the egress rules for
>>guest network on VR/External firewall to ALLOW
>>
>> specified traffic to outside and BLOCK the remaining traffic.
>>
>>
>>
>> By default  all the traffic is ALLOWED to public network. When you
>>specify a egress rule only that rule specific traffic is allowed.
>>
>>
>>
>> I have created a functional spec here:
>>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+ru
>>les+for+guest+network
>>
>>
>>
>> Please review and provide your comments.
>>
>> Thanks,
>> Jayapal
>
>
>So I noticed you are modifying createFirewallRule in a way which would
>break backwards compatibility, or at least make it more difficult.
>
>I'd suggest that trafficType be optional and default to to ingress -
>which means existing calls being issued today should continue to work
>as they do now, and folks wishing to take advantage of egress
>filtering can pass trafficType=egress for any calls. Is there any
>downside to doing it that way that I am missing?
>
>--David

+abhi

Yes, that is what we should do.
>

Reply via email to