Hi David,

The traffic type is optional and defaults to ingress. For egress it is required to pass with the 'egress'.
Thanks,
Jayapal

-----Original Message-----
From: David Nalley [mailto:da...@gnsa.us]
Sent: Tuesday, October 09, 2012 8:41 PM
To: cloudstack-dev@incubator.apache.org
Subject: Re: Egress firewall rules for guest network.

On Tue, Oct 9, 2012 at 5:14 AM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:
> The egress firewall rules feature will configure the egress rules for
> guest network on VR/External firewall to ALLOW
> specified traffic to outside and BLOCK the remaining traffic.
>
> By default all the traffic is ALLOWED to public network. When you specify an
> egress rule only that rule specific traffic is allowed.
>
> I have created a functional spec here:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network
>
> Please review and provide your comments.
>
> Thanks,
> Jayapal

So I noticed you are modifying createFirewallRule in a way which would break backwards compatibility, or at least make it more difficult. I'd suggest that trafficType be optional and default to ingress - which means existing calls being issued today should continue to work as they do now, and folks wishing to take advantage of egress filtering can pass trafficType=egress for any calls.

Is there any downside to doing it that way that I am missing?

--David