Hi, Please find reply in line .. Thanks & regards, Keshava.A
-----Original Message----- From: Mike Grima [mailto:[email protected]] Sent: Thursday, May 22, 2014 3:55 PM To: A, Keshava Cc: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [Neutron][FWaaS]Firewall Web Services Research Thesis Applicability to the OpenStack Project Hello, Just to make sure I understand: 1.) I'm assuming that you can dilettante which policies apply to specific VM's within a group (Is this correct?). With regards to DENY permissions, they are handled specially. In such a case, all other VM's are provided with ALLOW permissions for that rule, while the destined VM for the DENY policy is provided with a DENY. - Would you necessarily want to automatically provide all other VM's with an ALLOW privilege? Not all VM's in that group may need access to that port... Keshava: Yes that's correct 2.) Group Policy does support a Hierarchy. (Is this correct?) Keshava: Yes that's correct 3.) On a separate note: Is the Group Policy feature exposed via a RESTful API akin to FWaaS? Thank you, Mike Grima, RHCE On May 22, 2014, at 2:08 AM, A, Keshava <[email protected]> wrote: > Hi, > > 1. When the group policy is applied ( across to all the VMs ) say deny for > specific TCP port = 80, however because some special reason one of that VM > needs to 'ALLOW TCP port' how to handle this ? > When deny is applied to any one of VM in that group , this framework > takes care of > individually breaking that and apply ALLOW for other VM > automatically ? > and apply Deny for that specific VM ? > > 2. Can there be 'Hierarchy of Group Policy " ? > > > > Thanks & regards, > Keshava.A > > -----Original Message----- > From: Michael Grima [mailto:[email protected]] > Sent: Wednesday, May 21, 2014 5:00 PM > To: [email protected] > Subject: Re: [openstack-dev] [Neutron][FWaaS]Firewall Web Services Research > Thesis Applicability to the OpenStack Project > > Sumit, > > Unfortunately, I missed the IRC meeting on FWaaS (got the timezones screwed > up...). > > However, in the meantime, please review this section of my thesis on the > OpenStack project: > https://docs.google.com/document/d/1DGhgtTY4FxYxOqhKvMSV20cIw5WWR-gXbaBoMMMA-f0/edit?usp=sharing > > Please let me know if it is missing anything, or contains any wrong > information. Also, if you have some time, please review the questions I have > asked in the previous messages. > > Thank you, > > -- > Mike Grima, RHCE > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
