@Kevin I am using nova vlan manager , adding rule for every vlan would be then one more task todo.
This is first scenerio In my case i am using nova-network with vlan manager , so i would like to use my own router instead of the bridge that openstack creates, even i have implemented inter-vlan routing , i want some vlans to commmunicate to a single vlan, but not those vlans with each other. Second Scenerio If i use a external router , and implemented inter-vlan routing , still my vlans communication is blocked by nova security group thats why i need to disable security group. @Kiall , i think this flag would work i once used in for quantum,i would try this. On Wed, Nov 21, 2012 at 7:44 PM, Kevin Jackson <[email protected]>wrote: > Hi Ritesh, > You will need to have enabled some rules - even if you provide rules that > give carte blanch access to your instances. This is courtesy of the > 'default' security group - that by design prevents any access and by > design, is a default if you don't specify any security groups when > launching instances. > > Whilst its easy to say you shouldn't do what you're intending to do and > relying on perimeter security alone, that is not what you're asking and I'm > all for choice and learning. > > So in your instance: > > nova secgroup-add-rule default tcp 0 65536 0.0.0.0/0 > nova secgroup-add-rule default udp 0 65536 0.0.0.0/0 > nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 > > Note this is the netsec equivalent of doing chmod 777 on a file. > > To actually delete groups though > > nova secgroup-delete nameOfGroup > > Regards, > Kev > > > On 21 November 2012 13:45, Ritesh Nanda <[email protected]> wrote: > >> Hello, >> >> Is there anyway we can disable security group in nova, as i would be >> using an external firewall to do that. >> >> -- >> >> * With Regards >> * >> >> * Ritesh Nanda >> * >> >> *** >> * >> <http://www.ericsson.com/> >> >> >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > > > -- > Kevin Jackson > @itarchitectkev > -- * With Regards * * Ritesh Nanda * *** * <http://www.ericsson.com/>
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
