You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by "btzq (via GitHub)" <gi...@apache.org> on 2024/04/01 15:58:29 UTC

[I] Support Destination CIDR [cloudstack]

btzq opened a new issue, #8864:
URL: https://github.com/apache/cloudstack/issues/8864

   <!--
   Verify first that your issue/request is not already reported on GitHub.
   Also test if the latest release and main branch are affected too.
   Always add information AFTER of these HTML comments, but no need to delete the comments.
   -->
   
   ##### ISSUE TYPE
   <!-- Pick one below and delete the rest -->
    * Improvement Request
   
   ##### COMPONENT NAME
   <!--
   Categorize the issue, e.g. API, VR, VPN, UI, etc.
   -->
   ~~~
   Improvement Request (UI, Functionality)
   ~~~
   
   ##### CLOUDSTACK VERSION
   <!--
   New line separated list of affected versions, commit ID for issues on main branch.
   -->
   
   ~~~
   4.19
   ~~~
   
   ##### CONFIGURATION
   <!--
   Information about the configuration if relevant, e.g. basic network, advanced networking, etc.  N/A otherwise
   -->
   N/A
   
   ##### OS / ENVIRONMENT
   <!--
   Information about the environment if relevant, N/A otherwise
   -->
   N/A
   
   ##### SUMMARY
   <!-- Explain the problem/feature briefly -->
   Note: This ticket is broken down as requested from the origianl post, https://github.com/apache/cloudstack/issues/8841
   
   **Support Destination CIDR**
   
   - Reduces number of ACL Rules required
   - Adds more security
   - Makes ACL rule function more complete
   
   ##### STEPS TO REPRODUCE
   <!--
   For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate.
   
   For new features, show how the feature would be used.
   -->
   N/A
   
   <!-- Paste example playbooks or commands between quotes below -->
   ~~~
   N/A
   ~~~
   
   <!-- You can also paste gist.github.com links for larger files -->
   
   ##### EXPECTED RESULTS
   <!-- What did you expect to happen when running the steps above? -->
   
   ~~~
   To be able to manage ACL Rules more easily for large scale projects
   ~~~
   
   ##### ACTUAL RESULTS
   <!-- What actually happened? -->
   
   <!-- Paste verbatim command output between quotes below -->
   ~~~
   Challenging to use ACL rules for large scale projects.
   ~~~
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Support Destination CIDR [cloudstack]

Posted by "btzq (via GitHub)" <gi...@apache.org>.

btzq commented on issue #8864:
URL: https://github.com/apache/cloudstack/issues/8864#issuecomment-2050840253

   Yes maybe we can limit it to Private Adresses for the time being and see how it goes. This is also to limit the blast radius of bugs due to the big change. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Support Destination CIDR [cloudstack]

Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.

DaanHoogland commented on issue #8864:
URL: https://github.com/apache/cloudstack/issues/8864#issuecomment-2049260607

   This is a bit complicated but a valid request.
   For this we need to add changes through the whole system: in the 
   - VR scripts
   - backend command(s)
   - DB
   - virtual appliance managers
   - service
   - API
   - and finally in the UI
   It is not a very complicated addition but requires quite some knowledge af the system.
   
   and extra consideration is that the destination ip (as soon as the packet has entered the VR) is no longer the public ip, so destination can become a bit ambiguous. I suggest we limit this functionality to only apply to the private addresses of the VMs.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] Support Destination CIDR [cloudstack]

Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.

DaanHoogland commented on issue #8864:
URL: https://github.com/apache/cloudstack/issues/8864#issuecomment-2032361072

   not sure if this would be UI only or even API would be enough. sounds complicated.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org