On 09/10/12 8:40 PM, "David Nalley" <da...@gnsa.us> wrote:
>On Tue, Oct 9, 2012 at 5:14 AM, Jayapal Reddy Uradi
><jayapalreddy.ur...@citrix.com> wrote:
>> The egress firewall rules feature will configure the egress rules for
>> guest network on VR/External firewall to ALLOW
>> specified traffic to outside and BLOCK the remaining traffic.
>>
>> By default all the traffic is ALLOWED to public network. When you
>> specify an egress rule only that rule specific traffic is allowed.
>>
>> I have created a functional spec here:
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network
>>
>> Please review and provide your comments.
>>
>> Thanks,
>> Jayapal
>
>So I noticed you are modifying createFirewallRule in a way which would
>break backwards compatibility, or at least make it more difficult.
>
>I'd suggest that trafficType be optional and default to ingress -
>which means existing calls being issued today should continue to work
>as they do now, and folks wishing to take advantage of egress
>filtering can pass trafficType=egress for any calls. Is there any
>downside to doing it that way that I am missing?
>
>--David

+abhi

Yes, that is what we should do.
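The two behaviours discussed in this thread (an optional trafficType that defaults to ingress, and egress that is allow-all until the first egress rule exists) can be modelled as follows. This is an added example, not code from the thread or from CloudStack; the `FirewallRule` class, the helper functions, and matching on protocol and port range only are assumptions made for illustration.

```python
from dataclasses import dataclass

# Simplified model for illustration; not CloudStack's implementation.
# Matching on protocol and port range only is an assumption.


@dataclass(frozen=True)
class FirewallRule:
    protocol: str
    start_port: int
    end_port: int
    traffic_type: str


def create_firewall_rule(params):
    """Parse API-style parameters; trafficType is optional (default ingress)."""
    traffic_type = params.get("trafficType", "ingress").lower()
    if traffic_type not in ("ingress", "egress"):
        raise ValueError("unsupported trafficType: %r" % traffic_type)
    start = int(params["startport"])
    end = int(params.get("endport", start))
    if not 0 <= start <= end <= 65535:
        raise ValueError("invalid port range")
    return FirewallRule(params["protocol"].lower(), start, end, traffic_type)


def egress_allowed(rules, protocol, port):
    """Decide whether outbound traffic from the guest network passes."""
    egress = [r for r in rules if r.traffic_type == "egress"]
    if not egress:
        return True  # no egress rules yet: everything is allowed out
    # At least one egress rule exists: only matching traffic is allowed.
    return any(r.protocol == protocol.lower()
               and r.start_port <= port <= r.end_port for r in egress)


# Constructed sample calls: one issued the way existing clients do today
# (no trafficType), one opting in to egress filtering.
LEGACY_CALL = {"protocol": "tcp", "startport": "22", "endport": "22"}
EGRESS_CALL = {"protocol": "tcp", "startport": "443", "endport": "443",
               "trafficType": "egress"}

if __name__ == "__main__":
    legacy = create_firewall_rule(LEGACY_CALL)
    https_out = create_firewall_rule(EGRESS_CALL)
    print(legacy.traffic_type)
    print(egress_allowed([legacy], "tcp", 25))
    print(egress_allowed([legacy, https_out], "tcp", 25))
```

In this model, adding the first egress rule switches the guest network from allow-all to deny-by-default for outbound traffic, so every outbound flow the guests depend on needs its own rule from that point on.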