I'd like to take another stab at firewall support for FGCP with DC. Currently, FW creation, start/stop are covered but FW rules are not mapped well. The biggest issue is that the DC API assumes all rules are 'accept' rules while the FGCP includes both 'accept' and 'deny' rules.

In the FGCP API, rules have an 'action' field indicating how a triggered rule should be acted on. Its possible values are 'Accept' and 'Deny'. Can we extend the Rule object with an additional field for this? I assume with its default value being the status quo for EC2 and GoGrid (and I suppose in this case it can be omitted entirely in an XML response) and currently only the FGCP setting it for 'Deny' rules, we maintain full backwards compatibility.

One other field that FGCP has and the DC API does not have, but is not critical, is a 'log' field indicating whether it should be logged when this rule is triggered. I thought I'd mention it anyway in case any of the other providers support such a field and you were considering supporting it.

Cheers,
Dies Koper
