+1 for adding description and "Deny" option to the firewall API

-----Original Message-----
From: Logan Barfield [mailto:lbarfi...@tqhosting.com]
Sent: Friday, December 19, 2014 10:00 PM
To: dev@cloudstack.apache.org
Subject: Re: Potential feature: Firewall comments

On this same note: Is there currently a way to add DROP rules to the VR firewall? I know you can add a default allow egress policy and block specific things, but that doesn't help for incoming threats. For instance if you want to allow public access to a web server (port 80), but want to block a particular attacker's IP or subnet. Right now you have to set up a second level firewall on the VM itself for this.

Would it be feasible to add a "Deny" option to the firewall API?

Thank You,
Logan Barfield
Tranquil Hosting

On Mon, Dec 15, 2014 at 11:49 PM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:
> +1
>
> When there is a large set of rules, it will be useful.
>
> Thanks,
> Jayapal
>
> On 16-Dec-2014, at 4:17 AM, Logan Barfield <lbarfi...@tqhosting.com> wrote:
>
> > Currently in the UI and API it can be difficult to tell what exactly
> > a particular firewall rule is being used for. I know that it is
> > currently possible to add "tags" to firewall rules, but that seems
> > suboptimal from an ease-of-use standpoint.
> >
> > Would it be feasible to add a "comment" or "description" field for
> > firewall rules in advanced zones? It could be added as an extra DB
> > column, and appear in the UI and listFirewallRules API call (unless
> > it's left blank).
> >
> > In theory the description/comment could also be added to the
> > IPtables rule on the VR.
> >
> > This could probably also be applied to security groups.
> >
> > Thoughts, comments?