For example, in usecase of VM is a LVS (Linux Virtual Server), to make any client's ip outgoing, we need configure allowed_address_pairs to 0.0.0.0/0, or disable security-group on port by setting "port-security-enable" false. After that, mac-level rules are needed to protect other VMs.
Does anyone else has other usecase? Yan Xing'an From: Daniel Comnea Date: 2015-07-15 14:14 To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [neutron][security-group] rules for filter mac-addresses Can i understand the use case for that? What i don't get it is how will you know the MAC for a new created instance via HEAT so you can set at the same time the SG based on MAC? On Tue, Jul 14, 2015 at 12:29 PM, [email protected] <[email protected]> wrote: Thank you, Kevin. I search the blueprint about this point in launchpad.net, and got nothing, then register one at: https://blueprints.launchpad.net/neutron/+spec/security-group-mac-rule Yan Xing'an From: Kevin Benton Date: 2015-07-14 18:31 To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [neutron][security-group] rules for filter mac-addresses Unfortunately the security groups API does not have mac-level rules right now. On Tue, Jul 14, 2015 at 2:17 AM, [email protected] <[email protected]> wrote: Hi, all: Here is a requirement: deny/permit incoming packets on VM by mac addresses, I have tried to find better method than modifying neutron code, but failed. Any suggesion is grateful. Thank you. Yan. [email protected] __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Kevin Benton __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
