I believe your request matches this, and I agree
it'd be something good

https://blueprints.launchpad.net/neutron/+spec/default-rules-for-default-security-group

And also, the fact that we have hardcoded default 
security group settings. It would be good to have 
a system wide default security group settings.

https://github.com/openstack/neutron/blob/master/neutron/db/securitygroups_db.py#L122





----- Original Message -----
> Hi!
> 
> I've decided that as I have problems with OpenStack while using it in
> the service of Infra, I'm going to just start spamming the list.
> 
> Please make something like this:
> 
> neutron security-group-create default --allow-every-damn-thing
> 
> Right now, to make security groups get the hell out of our way because
> they do not provide us any value because we manage our own iptables, it
> takes adding something like 20 rules.
> 
> 15:24:05          clarkb | one each for ingress and egress udp tcp over
> ipv4 then ipv6 and finaly icmp
> 
> That may be great for someone using my-first-server-pony, but for me, I
> know how the internet works, and when I ask for a server, I want it to
> just work.
> 
> Now, I know, I know - the DEPLOYER can make decisions blah blah blah.
> 
> BS
> 
> If OpenStack is going to let my deployer make the absolutely assinine
> decision that all of my network traffic should be blocked by default, it
> should give me, the USER, a get out of jail free card.
> 
> kthxbai
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to