Any hints to where this configuration would be done :) Sent from my iPhone
On May 24, 2012, at 4:32 PM, Will Chan <will.c...@citrix.com> wrote: > Ok, glad you clarified it for me. In 2.2.11+, all XXXPortForwardingRule and > XXXLoadBalancer API calls automatically called the XXXFirewallRule API. You > could always turn that off by passing openfirewall=false in the create > commands. Subsequently, the UI had supported both ways of doing this as you > know already by using the firewall.rule.ui setting so people did not have to > deal with this split. In 3.0.x, the API remains unchanged, but the UI no > longer supports this and the 3.0.x UI always makes calls with > openfirewall=false. > > To achieve what you want, you would need to tweak the UI to make API calls > with openfirewall=true (or remove it since the default is true) and change > the UI to no longer show the firewall portion. Changing the network offering > turns off and on the service and if you disable the firewall from the network > offering, you will end up disabling the port forwarding feature I believe. > > The other option is to re-introduce this back into the CloudStack. > > -----Original Message----- > From: Jason Davis [mailto:scr...@gmail.com] > Sent: Thursday, May 24, 2012 1:49 PM > To: cloudstack-users@incubator.apache.org > Subject: Re: Anyway to disable the firewall functionality provided by the > virtual router in 3.0.x? > > Well, I want it to behave as it did in 2.2.14-3.0.0. > > ie: I can provide isolation through portforwarding ranges and have the > firewall disabled. My concern is that when I upgrade to 3.0.2 that I'll have > to essentially re-teach my end users how to gain remote access to their VM > instances. > > In the documentation and in previous builds, you could turn the firewall off > entirely via a global setting. This is the functionality I am wishing to > accomplish. > > No firewall, just services like portforwarding, dhcp, dns, loadbalancing, > source nat, static nat in my network offering. > > On Thu, May 24, 2012 at 3:45 PM, Will Chan <will.c...@citrix.com> wrote: > >> Can you describe what you would like to do? I thought for a moment >> you simply wanted the UI to act in the same way as in 2.2.x. However, >> from your response, it looks like you want to remove the firewall >> feature from the virtual router altogether, including all the port >> forwarding feature? >> >> Will >> >> -----Original Message----- >> From: Jason Davis [mailto:scr...@gmail.com] >> Sent: Thursday, May 24, 2012 1:32 PM >> To: cloudstack-users@incubator.apache.org >> Subject: Re: Anyway to disable the firewall functionality provided by >> the virtual router in 3.0.x? >> >> Ah so if I create my network offering via the API then I can achieve >> what I want? >> >> If that's so, good enough :) I am more than happy to do API calls. >> >> /me goes to RTFM >> >> On Thu, May 24, 2012 at 3:30 PM, Will Chan <will.c...@citrix.com> wrote: >> >>> Since 3.0.x, that feature was turned off from the default UI and >>> expect everyone to use the firewall feature. The API still honors >>> the old functionality so you can always custom change the UI to >>> reflect the same behavior in 2.2.x. >>> >>> Will >>> >>> -----Original Message----- >>> From: Jason Davis [mailto:scr...@gmail.com] >>> Sent: Thursday, May 24, 2012 12:28 PM >>> To: cloudstack-users@incubator.apache.org >>> Subject: Anyway to disable the firewall functionality provided by >>> the virtual router in 3.0.x? >>> >>> So, in 2.2.x with advanced networking you could disable the firewall >>> by setting the global setting firewall.rule.ui.enabled to false. I >>> am trying to replicate this functionality in my upgraded development >>> instance >>> (2.2.14->3.0.2) but this global setting no longer exists in the UI. >>> >>> I've also tried to create a new isolated networking offering with >>> the firewall functionality disabled. However, anytime I try this the >>> firewall setting ends up being enabled anyway. >>> >>> Thanks! >>> Jason >>> >>
