I believe your request matches this, and I agree it'd be something good https://blueprints.launchpad.net/neutron/+spec/default-rules-for-default-security-group
And also, the fact that we have hardcoded default security group settings. It would be good to have a system wide default security group settings. https://github.com/openstack/neutron/blob/master/neutron/db/securitygroups_db.py#L122 ----- Original Message ----- > Hi! > > I've decided that as I have problems with OpenStack while using it in > the service of Infra, I'm going to just start spamming the list. > > Please make something like this: > > neutron security-group-create default --allow-every-damn-thing > > Right now, to make security groups get the hell out of our way because > they do not provide us any value because we manage our own iptables, it > takes adding something like 20 rules. > > 15:24:05 clarkb | one each for ingress and egress udp tcp over > ipv4 then ipv6 and finaly icmp > > That may be great for someone using my-first-server-pony, but for me, I > know how the internet works, and when I ask for a server, I want it to > just work. > > Now, I know, I know - the DEPLOYER can make decisions blah blah blah. > > BS > > If OpenStack is going to let my deployer make the absolutely assinine > decision that all of my network traffic should be blocked by default, it > should give me, the USER, a get out of jail free card. > > kthxbai > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
