Thanks Kishan for your response. I would think the default should be deny all. But if the users want to change the rules to make it permit-all with a few deny rules before that, we should allow them to change that.

Regards,
Manan Shah

On 3/21/13 10:24 PM, "Kishan Kavala" <kishan.kav...@citrix.com> wrote:

>Please find my response inline:
>
>> -----Original Message-----
>> From: Manan Shah [mailto:manan.s...@citrix.com]
>> Sent: Thursday, 21 March 2013 11:05 PM
>> To: dev@cloudstack.apache.org
>> Cc: Manan Shah
>> Subject: Re: [Discuss] ACL deny rules
>>
>> Thanks Kishan for sharing the FS. Below are some of my questions.
>>
>> 1. What is the default for an empty container? Is it allow all or deny all?
>
>[KK] Default is deny all. Same as before. Should it be editable or just read-only?
>
>> 2. Can you describe the behaviour for upgrades?
>[KK] Upgrade behaviour is already mentioned in the spec.
>
>> 3. Can you also make sure that deletion of Containers will be blocked when
>> containers are attached to Tiers?
>[KK] Added this to the spec.
>
>>
>> Regards,
>> Manan Shah
>>
>> On 3/21/13 2:29 AM, "Kishan Kavala" <kishan.kav...@citrix.com> wrote:
>>
>> >I would like to add support for ACL deny rules in VPC. Functional spec is
>> >available at [1] and jira ticket is [2].
>> >As part of this feature, NetworkACLContainer will also be introduced to
>> >manage network ACLs.
>> >
>> >This feature is item 2.16 in nTier Apps 2.0 requirements [3].
>> >
>> >[1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+ACL+deny+rules
>> >[2] https://issues.apache.org/jira/browse/CLOUDSTACK-763
>> >[3] https://cwiki.apache.org/confluence/display/CLOUDSTACK/nTier+Apps+2.0+Requirements