[occi-wg] Firewalling Syntax (was Re: OCCI Dashboard)
Sam Johnston
samj at samj.net
Thu Jun 25 09:10:35 CDT 2009
On Thu, Jun 25, 2009 at 3:45 PM, <shlomo.swidler at gmail.com> wrote:
> 1. There is no Noun or Attribute for "Security Groups". The API should
> allow me to define a network security group (consisting of a
> collection of protocol+port+CIDR specifications), and allow each
> network interface to belong to multiple security groups. There was
> some discussion back in May [2] about networking attributes, but it
> did not get very far.
>
My (undocumented) thoughts on this thus far are that we should have an
extension that allows users to specify firewall rules on network
associations in a simple format like
ufw<http://www.ubuntugeek.com/ufw-uncomplicated-firewall-for-ubuntu-hardy.html>or
pf <http://www.openbsd.org/faq/pf/filter.html#syntax>:
pass in proto tcp from any port www
>
For "groups" you would associate multiple resources to the same network and
then associate that network with another, specifying rules on the
association.
For more advanced functionality like Netscaler VPX, ZXTM, etc. there would
be a dedicated compute or network resource (as appropriate).
Feedback welcome,
Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/occi-wg/attachments/20090625/f3a75cbd/attachment.html
More information about the occi-wg
mailing list