Are there any blueprints or discussion around logging the actions of iptables 
rules that are generated from security groups?

Typically a firewall produces copious logs. As far as I can tell, Neutron 
security groups permit or deny traffic but don't provide any record at all of 
what happened. Obviously iptables itself supports logging, but I haven't seen 
anything in
https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py
that looks like it adds logging rules.

I'd be curious to know if this is just a case of no one having added it yet, or 
if there was any explicit decision to NOT support logging (either as a provider 
enforced standard, or as a tenant configurable per-rule setting).
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
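As an added illustration of what "adding logging rules" to security-group chains could look like (this is example code written for this page, not Neutron code and not from the message above), the following Python sketch emits iptables-save style rule lines for a few assumed security-group allow rules, placing a rate-limited LOG rule in front of each terminating target. The chain name, the RETURN-for-accept / DROP-at-the-end layout and the rule dictionary fields are assumptions for the example, not Neutron's data model.

```python
"""Added example (not Neutron code): emit iptables-save style rules for a set of
security-group allow rules, with a rate-limited LOG rule in front of each
terminating target so that accepted and dropped packets leave a kernel log line.

Assumptions made for this example: the chain name, the RETURN-for-accept /
DROP-at-the-end layout, and the field names in the rule dictionaries. They
mimic the shape of security-group rules but are not Neutron's data model.
"""
from ipaddress import ip_network

# iptables rejects --log-prefix values longer than 29 characters.
MAX_LOG_PREFIX = 29


def _match_args(rule):
    """Translate one security-group rule into iptables match arguments."""
    args = []
    prefix = rule.get("remote_ip_prefix")
    if prefix:
        # Ingress rules match on source, egress rules on destination.
        flag = "-s" if rule["direction"] == "ingress" else "-d"
        args += [flag, str(ip_network(prefix))]
    proto = rule.get("protocol")
    if proto:
        args += ["-p", proto]
        lo = rule.get("port_range_min")
        if proto in ("tcp", "udp") and lo is not None:
            hi = rule.get("port_range_max", lo)
            args += ["-m", proto, "--dport", str(lo) if lo == hi else f"{lo}:{hi}"]
    return args


def _log_rule(chain, match, prefix, limit, burst):
    """Build a LOG rule for the given match.  LOG is non-terminating, so it must
    sit immediately before the RETURN/DROP that consumes the packet, and it is
    rate limited so a flood cannot fill the kernel log."""
    if len(prefix) > MAX_LOG_PREFIX:
        raise ValueError(f"log prefix {prefix!r} exceeds {MAX_LOG_PREFIX} characters")
    return " ".join(["-A", chain, *match,
                     "-m", "limit", "--limit", limit, "--limit-burst", str(burst),
                     "-j", "LOG", "--log-prefix", f'"{prefix}"'])


def build_rules(chain, sg_rules, log=True, limit="10/min", burst=20):
    """Return the rule lines for one per-port chain.  With log=True every accept
    and the final drop is preceded by a rate-limited LOG rule."""
    out = []
    for idx, rule in enumerate(sg_rules):
        match = _match_args(rule)
        if log:
            # Short prefix: security-group id plus rule index identify the hit.
            out.append(_log_rule(chain, match,
                                 f"SG-ACCEPT {rule['sg_id']}:{idx} ", limit, burst))
        out.append(" ".join(["-A", chain, *match, "-j", "RETURN"]))
    if log:
        out.append(_log_rule(chain, [], "SG-DROP ", limit, burst))
    out.append(f"-A {chain} -j DROP")
    return out


# Constructed sample input, not taken from any real deployment.
SAMPLE_CHAIN = "neutron-openvswi-i-example"
SAMPLE_RULES = [
    {"sg_id": "web", "direction": "ingress", "protocol": "tcp",
     "port_range_min": 80, "port_range_max": 80, "remote_ip_prefix": "0.0.0.0/0"},
    {"sg_id": "web", "direction": "ingress", "protocol": "icmp",
     "remote_ip_prefix": "10.0.0.0/8"},
]

if __name__ == "__main__":
    for line in build_rules(SAMPLE_CHAIN, SAMPLE_RULES):
        print(line)
```

Two practical points the sketch encodes: the LOG target never terminates rule traversal, so the LOG line has to be placed before the RETURN or DROP that actually decides the packet's fate, and a firewall that logs every hit without `-m limit` is a cheap way for a tenant to fill the hypervisor's kernel log. The 29-character cap on `--log-prefix` is also why the prefix carries only a short identifier rather than the full security-group UUID.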
