> On April 8, 2013, 11:25 p.m., Sheng Yang wrote:
> > plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java, line 830
> > <https://reviews.apache.org/r/10336/diff/1/?file=278647#file278647line830>
> >
> > What are these trafficType and guestVlan for? Didn't see them in the
> > scope.
>
> Jayapal Reddy wrote:
>     1. The traffic type is for identifying the rule type, whether it is Egress/Ingress.
>     2. Guest Vlan is used for creating a unique egress firewall rule name.

I meant, I didn't see the reference of them anywhere in the code.


> On April 8, 2013, 11:25 p.m., Sheng Yang wrote:
> > plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java, line 2572
> > <https://reviews.apache.org/r/10336/diff/1/?file=278647#file278647line2572>
> >
> > I am not sure if you need to create applications for egress rules. Ingress
> > firewall doesn't need it. I suppose applications are for security policy
> > rather than firewall filter?
>
> Jayapal Reddy wrote:
>     Application for egress is required because, in the case of ingress security
>     policies, deleting a policy deletes the applications which are
>     not used by it.
>
>     Example:
>     1. security policy ingress rule for tcp-22-22
>     2. Egress rule for tcp-22-22
>     3. If we don't add a separate egress application name there will be one
>        application with name tcp-22-22
>     4. Deleting the security policy ingress rule will delete the tcp-22-22
>        application which is needed by the egress rule.
>     So we need separate application name for egress/
>

In fact I'm talking about firewall filter, which doesn't need applications. But it seems you're using security policy for egress purposes. Then it should be fine.

- Sheng


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/10336/#review18804
-----------------------------------------------------------


On April 9, 2013, 6:12 a.m., Jayapal Reddy wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/10336/
> -----------------------------------------------------------
>
> (Updated April 9, 2013, 6:12 a.m.)
>
>
> Review request for cloudstack, Abhinandan Prateek, Sheng Yang, and Murali Reddy.
>
>
> Description
> -------
>
> Added egress firewall rules support for SRX device.
> Supported networks:
> 1. Advanced Isolated networks.
>
>
> This addresses bug CLOUDSTACK-779.
>
>
> Diffs
> -----
>
>   api/src/com/cloud/agent/api/to/FirewallRuleTO.java 7f77936
>   plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java af0912a
>   plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java 8482168
>   scripts/network/juniper/application-add.xml 6603850
>   scripts/network/juniper/security-policy-add.xml 632a17d
>   server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java 1fc32d0
>   server/src/com/cloud/upgrade/dao/Upgrade410to420.java f39038f
>
> Diff: https://reviews.apache.org/r/10336/diff/
>
>
> Testing
> -------
>
> Unit Testing done.
>
>
> Thanks,
>
> Jayapal Reddy
>