Hello, Just to make sure I understand:
1.) I’m assuming that you can dilettante which policies apply to specific VM’s within a group (Is this correct?). With regards to DENY permissions, they are handled specially. In such a case, all other VM’s are provided with ALLOW permissions for that rule, while the destined VM for the DENY policy is provided with a DENY. — Would you necessarily want to automatically provide all other VM’s with an ALLOW privilege? Not all VM’s in that group may need access to that port... 2.) Group Policy does support a Hierarchy. (Is this correct?) 3.) On a separate note: Is the Group Policy feature exposed via a RESTful API akin to FWaaS? Thank you, Mike Grima, RHCE On May 22, 2014, at 2:08 AM, A, Keshava <[email protected]> wrote: > Hi, > > 1. When the group policy is applied ( across to all the VMs ) say deny for > specific TCP port = 80, however because some special reason one of that VM > needs to 'ALLOW TCP port' how to handle this ? > When deny is applied to any one of VM in that group , this framework > takes care of > individually breaking that and apply ALLOW for other VM > automatically ? > and apply Deny for that specific VM ? > > 2. Can there be 'Hierarchy of Group Policy " ? > > > > Thanks & regards, > Keshava.A > > -----Original Message----- > From: Michael Grima [mailto:[email protected]] > Sent: Wednesday, May 21, 2014 5:00 PM > To: [email protected] > Subject: Re: [openstack-dev] [Neutron][FWaaS]Firewall Web Services Research > Thesis Applicability to the OpenStack Project > > Sumit, > > Unfortunately, I missed the IRC meeting on FWaaS (got the timezones screwed > up...). > > However, in the meantime, please review this section of my thesis on the > OpenStack project: > https://docs.google.com/document/d/1DGhgtTY4FxYxOqhKvMSV20cIw5WWR-gXbaBoMMMA-f0/edit?usp=sharing > > Please let me know if it is missing anything, or contains any wrong > information. Also, if you have some time, please review the questions I have > asked in the previous messages. > > Thank you, > > -- > Mike Grima, RHCE > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
