This was an intentional decision. One of the goals of OpenStack is to provide consistency across different clouds and configurable defaults for new tenants default rules hurts consistency.
If I write a script to boot up a workload on one OpenStack cloud that allows everything by default and it doesn't work on another cloud that doesn't allow everything by default, that leads to a pretty bad user experience. I would now need logic to scan all of the existing security group rules and do a diff between what I want and what is there and have logic to resolve the difference. It's a backwards-incompatible change so we'll probably be stuck with the current behavior. On Fri, Jun 9, 2017 at 2:27 AM, Ahmed Mostafa <ahmedmostafa...@gmail.com> wrote: > I believe that there are no features impelemented in neutron that allows > changing the rules for the default security group. > > I am also interested in seeing such a feature implemented. > > I see only this blueprint : > > https://blueprints.launchpad.net/neutron/+spec/default- > rules-for-default-security-group > > But no work has been done on it so far. > > > > On Fri, Jun 9, 2017 at 9:16 AM, Paul Schlacter <wlfigh...@gmail.com> > wrote: > >> I see the neutron code, which added the default rules to write very >> rigid, only for ipv4 ipv6 plus two rules. What if I want to customize the >> default rules? >> >> ____________________________________________________________ >> ______________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev