CLOUDSTACK-1028. Doc. Re-add section Firewall Rules: this section is about ingress rules. Fix intro sentence to agree with new Egress Rules section. Egress traffic is now blocked by default.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b1e61cc9 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b1e61cc9 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b1e61cc9 Branch: refs/heads/ui-multiple-pod-ranges Commit: b1e61cc94a6a4e3cf89a5fc345b54bfa36c6d4ec Parents: 976a5fa Author: Jessica Tomechak <[email protected]> Authored: Thu Mar 21 19:13:15 2013 -0700 Committer: Jessica Tomechak <[email protected]> Committed: Thu Mar 21 20:00:36 2013 -0700 ---------------------------------------------------------------------- docs/en-US/ip-forwarding-firewalling.xml | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b1e61cc9/docs/en-US/ip-forwarding-firewalling.xml ---------------------------------------------------------------------- diff --git a/docs/en-US/ip-forwarding-firewalling.xml b/docs/en-US/ip-forwarding-firewalling.xml index 54e18b7..d7a2457 100644 --- a/docs/en-US/ip-forwarding-firewalling.xml +++ b/docs/en-US/ip-forwarding-firewalling.xml @@ -20,13 +20,15 @@ --> <section id="ip-forwarding-firewalling"> <title>IP Forwarding and Firewalling</title> - <para>By default, all incoming traffic to the public IP address is rejected. All outgoing traffic - from the guests is translated via NAT to the public IP address and is allowed.</para> + <para>By default, all incoming traffic to the public IP address is rejected. + All outgoing traffic from the guests is also blocked by default.</para> + <para>To allow outgoing traffic, follow the procedure in <xref linkend="egress-firewall-rule"/>.</para> <para>To allow incoming traffic, users may set up firewall rules and/or port forwarding rules. For example, you can use a firewall rule to open a range of ports on the public IP address, such as 33 through 44. Then use port forwarding rules to direct traffic from individual ports within that range to specific ports on user VMs. For example, one port forwarding rule could route incoming traffic on the public IP's port 33 to port 100 on one user VM's private IP.</para> - <xi:include href="egress-firewall-rule.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include href="egress-firewall-rule.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> + <xi:include href="firewall-rules.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> <xi:include href="port-forwarding.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> </section>
