Hi Dies,

On Wed, 2012-08-15 at 17:04 +1000, Koper, Dies wrote:
> I'd like to take another stab at firewall support for FGCP with DC.
>
> Currently, FW creation, start/stop are covered but FW rules are not
> mapped well.
> The biggest issue is that the DC API assumes all rules are 'accept'
> rules while the FGCP includes both 'accept' and 'deny' rules.
>
> In the FGCP API, rules have an 'action' field indicating how a triggered
> rule should be actioned on.
> Its possible values are 'Accept' and 'Deny'.
>
> Can we extend the Rule object with an additional field for this?
> I assume with its default value being the status quo for EC2 and GoGrid
> (and I suppose in this case it can be omitted entirely in an XML
> response) and currently only the FGCP setting it for 'Deny' rules, we
> maintain full backwards compatibility.
>
> One other field that FGCP has and the DC API does not have, but is not
> critical, is a 'log' field indicating whether it should be logged when
> this rule is triggered. I thought I'd mention it anyway in case any of
> the other providers support such a field and you were considering to
> support it.

Yes, I think these are sensible suggestions; we'll also need to advertise in the API somewhere (as a feature?) whether you can only create accept rules or whether you can create accept/deny rules. As for logging, I'd be fine with making that another feature for firewalls.

David
