Howdy Stackers!
There is a security group problem has been bothering me, but I do not know
whether is appropriate to consult in there! For a security group rule, it will
convert to iptable rules in compute node, but a iptable rule '-m state --state
RELATED,ESTABLISHED -j RETURN' confuse me, according to my understanding this
rule is to improve the performance of the security group by filteing the first
package, there are other reasons?
I hava a use-case: create a securiy group with few securiy group rule, then
gradually increase the amount of security group rules based on business, if a
VM in this security group also have connection, the new rules will not take
effect, how could I deal with such scenarios?
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev