> On April 8, 2013, 11:25 p.m., Sheng Yang wrote:
> > plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java,
> >  line 830
> > <https://reviews.apache.org/r/10336/diff/1/?file=278647#file278647line830>
> >
> >     What are these trafficType and guestVlan for? Didn't see them in the 
> > scope.

1. The traffic type is for identifying whether the rule type is 
Egress/Ingress.
2. Guest Vlan is used for creating a unique egress firewall rule name.


> On April 8, 2013, 11:25 p.m., Sheng Yang wrote:
> > plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java,
> >  line 2572
> > <https://reviews.apache.org/r/10336/diff/1/?file=278647#file278647line2572>
> >
> >     I am not sure if you need to create an application for egress rules. Ingress 
> > firewall doesn't need it. I suppose applications are for security policy 
> > rather than firewall filter?

An application for egress is required because, in the case of ingress security 
policies, deleting a policy deletes the applications which are not used by 
it.

Example:
1. security policy ingress rule for tcp-22-22
2. Egress rule for tcp-22-22
3. If we don't add a separate egress application name, there will be one 
application with the name tcp-22-22.
4. Deleting the security policy ingress rule will delete the tcp-22-22 application, 
which is needed by the egress rule.
   So we need a separate application name for egress.


- Jayapal


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/10336/#review18804
-----------------------------------------------------------


On April 8, 2013, 12:36 p.m., Jayapal Reddy wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/10336/
> -----------------------------------------------------------
> 
> (Updated April 8, 2013, 12:36 p.m.)
> 
> 
> Review request for cloudstack, Abhinandan Prateek, Sheng Yang, and Murali 
> Reddy.
> 
> 
> Description
> -------
> 
> Added egress firewall rules support for SRX device.
> Supported networks:
> 1. Advanced Isolated networks.
> 
> 
> This addresses bug CLOUDSTACK-779.
> 
> 
> Diffs
> -----
> 
>   api/src/com/cloud/agent/api/to/FirewallRuleTO.java 7f77936 
>   
> plugins/network-elements/juniper-srx/src/com/cloud/network/element/JuniperSRXExternalFirewallElement.java
>  af0912a 
>   
> plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
>  8482168 
>   scripts/network/juniper/application-add.xml 6603850 
>   scripts/network/juniper/security-policy-add.xml 632a17d 
>   server/src/com/cloud/network/ExternalFirewallDeviceManagerImpl.java 1fc32d0 
> 
> Diff: https://reviews.apache.org/r/10336/diff/
> 
> 
> Testing
> -------
> 
> Unit Testing done.
> 
> 
> Thanks,
> 
> Jayapal Reddy
> 
>
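
The application-name collision walked through in the reply above (ingress and egress rules both using tcp-22-22), as an added example that is not code from the review or from CloudStack. It is a simplified in-memory model: the class, the rule names and the "egress-" prefix are hypothetical, and deleting a rule is assumed to remove the application that rule referenced.

```java
import java.util.*;

public class SharedApplicationDemo {
    // Simplified model of the device config: application objects by name,
    // and rules that each reference one application by name.
    static final Set<String> applications = new HashSet<>();
    static final Map<String, String> ruleToApp = new LinkedHashMap<>();

    // Builds names such as tcp-22-22. The "egress-" prefix is a hypothetical
    // naming scheme, used only when separateNames is true.
    static String appName(String proto, int start, int end,
                          boolean egress, boolean separateNames) {
        String base = proto + "-" + start + "-" + end;
        return (egress && separateNames) ? "egress-" + base : base;
    }

    static void addRule(String rule, String app) {
        applications.add(app);   // a no-op if the name already exists
        ruleToApp.put(rule, app);
    }

    // Assumption: removing a rule also removes the application it used,
    // without checking whether another rule still references that name.
    static void deleteRule(String rule) {
        String app = ruleToApp.remove(rule);
        if (app != null) applications.remove(app);
    }

    // Rules left pointing at an application that no longer exists.
    static List<String> danglingRules() {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : ruleToApp.entrySet())
            if (!applications.contains(e.getValue())) out.add(e.getKey());
        return out;
    }

    // Steps 1-4 from the reply: add ingress, add egress, delete ingress.
    static List<String> scenario(boolean separateNames) {
        applications.clear();
        ruleToApp.clear();
        addRule("ingress-policy", appName("tcp", 22, 22, false, separateNames));
        addRule("egress-rule", appName("tcp", 22, 22, true, separateNames));
        deleteRule("ingress-policy");
        return danglingRules();
    }

    public static void main(String[] args) {
        System.out.println("shared name   -> dangling: " + scenario(false));
        System.out.println("separate name -> dangling: " + scenario(true));
    }
}
```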
