Posted to commits@cloudstack.apache.org by bf...@apache.org on 2013/07/09 22:46:24 UTC

[42/50] [abbrv] git commit: updated refs/heads/ui-ucs to 9334dab

network acl concepts CLOUDSTACK-2806


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/44b219ec
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/44b219ec
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/44b219ec

Branch: refs/heads/ui-ucs
Commit: 44b219ec75399a2f2ceb91c389ec53f27afab9f1
Parents: 4779a00
Author: radhikap <ra...@citrix.com>
Authored: Tue Jul 9 13:45:29 2013 +0530
Committer: radhikap <ra...@citrix.com>
Committed: Tue Jul 9 13:45:58 2013 +0530

----------------------------------------------------------------------
 docs/en-US/configure-acl.xml | 86 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 75 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/44b219ec/docs/en-US/configure-acl.xml
----------------------------------------------------------------------
diff --git a/docs/en-US/configure-acl.xml b/docs/en-US/configure-acl.xml
index 1def9ea..e4d5dad 100644
--- a/docs/en-US/configure-acl.xml
+++ b/docs/en-US/configure-acl.xml
@@ -25,6 +25,53 @@
     default, all incoming and outgoing traffic to the guest networks is blocked. To open the ports,
     you must create a new network ACL. The network ACLs can be created for the tiers only if the
     NetworkACL service is supported.</para>
+  <section id="network-acl">
+    <title>About Network ACL Lists</title>
+    <para>In &PRODUCT; terminology, Network ACL is a group of Network ACL items. Network ACL items
+      are nothing but numbered rules that are evaluated in order, starting with the lowest numbered
+      rule. These rules determine whether traffic is allowed in or out of any tier associated with
+      the network ACL. You need to add the Network ACL items to the Network ACL, then associate the
+      Network ACL with a tier. Network ACL is associated with a VPC and can be assigned to multiple
+      VPC tiers within a VPC. A Tier is associated with a Network ACL at all the times. Each tier
+      can be associated with only one ACL.</para>
+    <para>The default Network ACL is used when no ACL is associated. Default behavior is all the
+      incoming and outgoing traffic is blocked to the tiers. Default network ACL cannot be removed
+      or modified. Contents of the default Network ACL is:</para>
+    <informaltable>
+      <tgroup cols="5" align="left" colsep="1" rowsep="1">
+        <colspec colnum="1" colname="c1" colwidth="31.5pt"/>
+        <colspec colnum="2" colname="c2" colwidth="58.5pt"/>
+        <colspec colnum="3" colname="c3" colwidth="66.0pt"/>
+        <colspec colnum="4" colname="c4" colwidth="48.0pt"/>
+        <colspec colnum="5" colname="c5" colwidth="58.5pt"/>
+        <thead>
+          <row>
+            <entry><para>Rule</para></entry>
+            <entry><para>Protocol</para></entry>
+            <entry><para>Traffic type</para></entry>
+            <entry><para>Action</para></entry>
+            <entry><para>CIDR</para></entry>
+          </row>
+        </thead>
+        <tbody>
+          <row>
+            <entry><para>1</para></entry>
+            <entry><para>All</para></entry>
+            <entry><para>Ingress</para></entry>
+            <entry><para>Deny</para></entry>
+            <entry><para>0.0.0.0/0</para></entry>
+          </row>
+          <row>
+            <entry><para>2</para></entry>
+            <entry><para>All</para></entry>
+            <entry><para>Egress</para></entry>
+            <entry><para>Deny</para></entry>
+            <entry><para>0.0.0.0/0</para></entry>
+          </row>
+        </tbody>
+      </tgroup>
+    </informaltable>
+  </section>
   <section id="acl-list">
     <title>Creating ACL Lists</title>
     <orderedlist>
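Review bot: the new "About Network ACL Lists" section says rules are evaluated in order from the lowest number but never states what happens to traffic that matches no rule in a custom ACL; since the default ACL shown in the table exists only to deny everything explicitly (rules 1 and 2, Ingress and Egress, Deny, 0.0.0.0/0), a reader will have to guess whether a custom list containing only Allow rules falls through to deny, and that should be stated in the second paragraph. The same paragraphs also need a wording pass: "Network ACL items are nothing but numbered rules" should read "Network ACL items are numbered rules", "A Tier is associated with a Network ACL at all the times" should read "A tier is always associated with a Network ACL", and "Contents of the default Network ACL is:" should read "The contents of the default Network ACL are:". The section title uses "Network ACL Lists" while the body uses "Network ACL" throughout; pick one term.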
@@ -123,6 +170,10 @@
           traffic is allowed in the VPC. </para>
         <itemizedlist>
           <listitem>
+            <para><emphasis role="bold">Rule Number</emphasis>: The order in which the rules are
+              evaluated.</para>
+          </listitem>
+          <listitem>
             <para><emphasis role="bold">CIDR</emphasis>: The CIDR acts as the Source CIDR for the
               Ingress rules, and Destination CIDR for the Egress rules. To accept traffic only from
               or to the IP addresses within a particular address block, enter a CIDR or a
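Review bot: "Rule Number: The order in which the rules are evaluated." should state the direction of evaluation (lowest number first, as the new "About Network ACL Lists" section says) and whether evaluation stops at the first matching rule; without that, a reader cannot tell whether a lower-numbered Deny takes precedence over a later Allow for the same CIDR.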
@@ -130,6 +181,10 @@
               traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para>
           </listitem>
           <listitem>
+            <para><emphasis role="bold">Action</emphasis>: What action to be taken. Allow traffic or
+              block.</para>
+          </listitem>
+          <listitem>
             <para><emphasis role="bold">Protocol</emphasis>: The networking protocol that sources
               use to send traffic to the tier. The TCP and UDP protocols are typically used for data
               exchange and end-user communications. The ICMP protocol is typically used to send
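Review bot: "Action: What action to be taken. Allow traffic or block." is terse and uses "block" where the default ACL table above uses "Deny"; suggest "Action: Whether to Allow or Deny traffic that matches the rule." so the description uses the same values the table shows.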
@@ -154,7 +209,8 @@
               sent.</para>
           </listitem>
           <listitem>
-            <para><emphasis role="bold">Action</emphasis>: What action to be taken. </para>
+            <para><emphasis role="bold">Traffic Type</emphasis>: The type of traffic: Incoming or
+              outgoing.</para>
           </listitem>
         </itemizedlist>
       </listitem>
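Review bot: the new Traffic Type entry says "Incoming or outgoing" while the CIDR entry in this same list and the default ACL table use "Ingress" and "Egress"; use one pair of terms, e.g. "Ingress (incoming) or Egress (outgoing)", so the value a user sees in the rule can be matched to the description of which CIDR it applies to.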
@@ -181,7 +237,9 @@
         <para>Create a tier in the VPC.</para>
         <para>Select the desired ACL list while creating a tier.</para>
       </listitem>
-      <listitem><para>Click OK.</para></listitem>
+      <listitem>
+        <para>Click OK.</para>
+      </listitem>
     </orderedlist>
   </section>
   <section id="assign-acl-tier">
@@ -205,17 +263,23 @@
       <listitem>
         <para>Select the tier for which you want to assign the custom ACL.</para>
       </listitem>
-      <listitem><para>Click the Replace ACL List icon.<inlinemediaobject>
-        <imageobject>
-          <imagedata fileref="./images/replace-acl-icon.png"/>
-        </imageobject>
-        <textobject>
+      <listitem>
+        <para>Click the Replace ACL List icon.<inlinemediaobject>
+            <imageobject>
+              <imagedata fileref="./images/replace-acl-icon.png"/>
+            </imageobject>
+            <textobject>
               <phrase>replace-acl-icon.png: button to replace an ACL list</phrase>
             </textobject>
-      </inlinemediaobject></para>
-      <para>The Replace ACL List dialog is displayed.</para></listitem>
-      <listitem><para>Select the desired ACL list.</para></listitem>
-      <listitem><para>Click OK.</para></listitem>
+          </inlinemediaobject></para>
+        <para>The Replace ACL List dialog is displayed.</para>
+      </listitem>
+      <listitem>
+        <para>Select the desired ACL list.</para>
+      </listitem>
+      <listitem>
+        <para>Click OK.</para>
+      </listitem>
     </orderedlist>
   </section>
 </section>