I think "close by default" is the general practice in OpenStack, mainly
for security reasons. I personally don't think it is a good idea to
change that, but I marked this bug as "Opinion" so others can weight in
this proposal.
** Tags added: fwaas
** Changed in: neutron
Status: New => Opinion
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1848131
Title:
[FWaaS] Support blacklist filtering
Status in neutron:
Opinion
Bug description:
Currently, FWaaS v1/v2 insert default rule 'deny all' and admin should
add white list to be allowed.
I think in private cloud, whitelist based filtering which by default
'allow all' and add black list to be filtered, also will be necessary.
For our cases, we have some sensitive services (DB[3306] for example)
to be blocked from some projects. By default, what we need is to block
the some ports from somewhere, we just changed default rule 'deny all'
to 'allow all'. I will be happily accept if I can take this by config.
Thanks!
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1848131/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
