Agree!
+1
On Thu, Sep 18, 2014 at 1:47 PM, Lingxian Kong wrote:
> Hi, shihanzhang:
>
> Thanks for bringing this up, again.
>
> As I said before, this blueprint will solve the problems that the
> 'hard-coded' rules related to the default security group we are
> suffering from, which I do think wi
Hi, shihanzhang:
Thanks for bringing this up, again.
As I said before, this blueprint will solve the problems that the
'hard-coded' rules related to the default security group we are
suffering from, which I do think will give Fawad an anser. So, I
really hope that we can particapate all together
As I know there is no a way to disable default security groups, but I think
this BP can solve this problem:
https://blueprints.launchpad.net/neutron/+spec/default-rules-for-default-security-group
在 2014-09-17 07:44:42,"Aaron Rosen" 写道:
Hi,
Inline:
On Tue, Sep 16, 2014 at 1:00 AM, Fawad
Hi,
Inline:
On Tue, Sep 16, 2014 at 1:00 AM, Fawad Khaliq wrote:
> Folks,
>
> I have had discussions with some folks individually about this but I would
> like bring this to a broader audience.
>
> I have been playing with security groups and I see the notion of 'default'
> security group seems
Hi fawad
Yes, you're right.
I mentioned that not to answer the exact question, but think to drop some
line around it.
I do hope we can provide the capacity in the API layer, and let the
security group become more intuitive for users.
On Tue, Sep 16, 2014 at 10:45 PM, Fawad Khaliq wrote:
> Hi Boa
Hi Boahua,
Thanks for sharing your thoughts. The issues seen are not related to
"access", they are all related to API layer, so having ALLOW all etc does
not fix/workaround the problems I mentioned.
Please do share if you have something more to add.
Fawad Khaliq
On Tue, Sep 16, 2014 at 7:28 PM,
The similar problem has been discussed before.
There is no definitive answer, and currently seems we cannot simply disable
it since G version.
However, we can add some ALLOW rules to bypass the rules inside the
iptables chains.
Hope there be more flexibility to controller the security groups in the
Folks,
I have had discussions with some folks individually about this but I would
like bring this to a broader audience.
I have been playing with security groups and I see the notion of 'default'
security group seems to create some nuisance/issues.
There are list of things I have noticed so far: