> -----Original Message-----
> From: williamstev...@gmail.com [mailto:williamstev...@gmail.com] On Behalf Of Will Stevens
> Sent: Wednesday, May 15, 2013 12:19 AM
> To: dev@cloudstack.apache.org; aemne...@gmail.com
> Subject: Re: Firewall rule question
>
> Ya, I am not sure. I am working off a master branch from about 2-3 weeks
> ago. I was kind of expecting it to error and it didn't, so it was not clear how
> that case would behave. I am currently developing an integration with the
> Palo Alto firewall and they don't support specifying a protocol like TCP
> without any port information. I still have to finalize the logic associated with
> that edge case, so I wanted to understand what the expected behaviour was
> from that config.
>
I recently did the Cisco ASA firewall integration and there it is allowed to create a firewall rule with TCP without specifying any port information. I think you can either do one of the following:
- Block it if Palo Alto firewall doesn't allow creation of TCP rule without port information
OR
- Create a rule with all possible port ranges (min and max port values)

> On Tue, May 14, 2013 at 2:41 PM, Ahmad Emneina <aemne...@gmail.com> wrote:
>
> > I'm hoping that's not the default behavior, and nothing happens on the
> > firewall. I guess the fact that empty values entered returns success
> > is a bug?
> >
> > On Tue, May 14, 2013 at 8:00 AM, Will Stevens <wstev...@cloudops.com> wrote:
> >
> > > This applies to both Egress firewall rules as well as IP specific firewall
> > > rules.
> > >
> > > If you specify TCP but do not specify any port details, it saves
> > > fine. I am wondering what this config implies. Does this mean that
> > > all TCP traffic is allowed?
> > >
> > > Thanks,
> > >
> > > Will
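The two options suggested in the reply above (block the rule, or expand it to the full port range), sketched as an added example that is not part of the original thread and is not CloudStack code. `FirewallRule`, `normalize_rule`, `backend_allows_portless` and `policy` are hypothetical names, and 1-65535 is assumed as the "min and max port values".

```python
from dataclasses import dataclass
from typing import Optional

PORT_MIN, PORT_MAX = 1, 65535          # assumed full TCP/UDP range (port 0 is reserved)
PORT_PROTOCOLS = {"tcp", "udp"}

class RuleRejected(ValueError):
    """The rule cannot be expressed safely on the target firewall."""

@dataclass(frozen=True)
class FirewallRule:                    # hypothetical model, not a CloudStack class
    protocol: str
    start_port: Optional[int] = None
    end_port: Optional[int] = None

def normalize_rule(rule, backend_allows_portless, policy="reject"):
    """Return the rule to send to the device, or raise RuleRejected.

    policy applies only to a port-less TCP/UDP rule on a backend that
    cannot express one: "reject" blocks it, "expand" widens it to all ports.
    """
    proto = rule.protocol.strip().lower()
    ports = (rule.start_port, rule.end_port)
    if proto not in PORT_PROTOCOLS:
        if ports != (None, None):
            raise RuleRejected(f"{proto} rules take no ports")
        return FirewallRule(proto)
    if ports == (None, None):
        if backend_allows_portless:
            return FirewallRule(proto)             # device accepts it as entered
        if policy == "expand":
            return FirewallRule(proto, PORT_MIN, PORT_MAX)
        raise RuleRejected(f"{proto} rule needs a port range on this backend")
    if None in ports:
        raise RuleRejected("half-specified port range")   # never guess the other end
    start, end = ports
    if not (PORT_MIN <= start <= end <= PORT_MAX):
        raise RuleRejected(f"invalid port range {start}-{end}")
    return FirewallRule(proto, start, end)

if __name__ == "__main__":
    portless = FirewallRule("TCP")                 # constructed sample input
    print(normalize_rule(portless, backend_allows_portless=True))
    print(normalize_rule(portless, backend_allows_portless=False, policy="expand"))
    try:
        normalize_rule(portless, backend_allows_portless=False)
    except RuleRejected as exc:
        print("rejected:", exc)
```

Defaulting to "reject" means an empty port field never turns into an allow-all rule without someone choosing "expand" explicitly.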