I think "close by default" is the general practice in OpenStack, mainly for security reasons. I personally don't think it is a good idea to change that, but I marked this bug as "Opinion" so others can weight in this proposal.
** Tags added: fwaas ** Changed in: neutron Status: New => Opinion -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1848131 Title: [FWaaS] Support blacklist filtering Status in neutron: Opinion Bug description: Currently, FWaaS v1/v2 insert default rule 'deny all' and admin should add white list to be allowed. I think in private cloud, whitelist based filtering which by default 'allow all' and add black list to be filtered, also will be necessary. For our cases, we have some sensitive services (DB[3306] for example) to be blocked from some projects. By default, what we need is to block the some ports from somewhere, we just changed default rule 'deny all' to 'allow all'. I will be happily accept if I can take this by config. Thanks! To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1848131/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp