You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Jayapal Reddy <ja...@citrix.com> on 2013/06/20 07:05:31 UTC

Review Request: Egress firewall rules default policy configuration using network offering

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/11988/
-----------------------------------------------------------

Review request for cloudstack, Anthony Urso, Abhinandan Prateek, Murali Reddy, and Alena Prokharchyk.


Description
-------

Egress rules default policy configuration using the network offering.
This patch is for xenserver with VR as firewall provider.

Here is the FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+-+Ability+to+change+the+default

The work flow:
1. For default network offerings the egress default policy is block
2. While creating network offering, by default egress default policy is allow and it can be configured to deny.
3. When egress default policy is allow, rules are added to block the traffic and if default policy is deny rules added to allow the traffic


This addresses bug CLOUDSTACK-1578.


Diffs
-----

  api/src/com/cloud/agent/api/to/FirewallRuleTO.java f296aa4 
  api/src/com/cloud/offering/NetworkOffering.java 72e2a2b 
  api/src/org/apache/cloudstack/api/ApiConstants.java ab1402c 
  api/src/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java 6410715 
  api/src/org/apache/cloudstack/api/response/NetworkOfferingResponse.java 7a7e371 
  core/src/com/cloud/agent/api/routing/NetworkElementCommand.java ddb7ac8 
  engine/schema/src/com/cloud/network/rules/FirewallRuleVO.java 9f73029 
  engine/schema/src/com/cloud/offerings/NetworkOfferingVO.java 3ae0bf3 
  patches/systemvm/debian/config/root/firewallRule_egress.sh 0da7718 
  plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java 5e8283a 
  server/src/com/cloud/api/ApiResponseHelper.java 94c5d6c 
  server/src/com/cloud/configuration/ConfigurationManager.java 8db037b 
  server/src/com/cloud/configuration/ConfigurationManagerImpl.java 131d340 
  server/src/com/cloud/network/NetworkManagerImpl.java d6a6450 
  server/src/com/cloud/network/firewall/FirewallManagerImpl.java f7275b0 
  server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 8da5176 
  server/src/com/cloud/network/rules/FirewallManager.java 2bce8fe 
  server/src/com/cloud/server/ConfigurationServerImpl.java d334d7e 
  server/test/com/cloud/network/MockFirewallManagerImpl.java 95bb1d1 
  server/test/com/cloud/vpc/MockConfigurationManagerImpl.java 21b3590 
  server/test/org/apache/cloudstack/networkoffering/CreateNetworkOfferingTest.java 4a2c867 
  setup/db/db/schema-410to420.sql bcfbcc9 

Diff: https://reviews.apache.org/r/11988/diff/


Testing
-------

1. Tested on xenserver with VR as firewall


Thanks,

Jayapal Reddy