[occi-wg] Firewalling Syntax (was Re: OCCI Dashboard)
samj at samj.net
Thu Jun 25 09:10:35 CDT 2009
On Thu, Jun 25, 2009 at 3:45 PM, <shlomo.swidler at gmail.com> wrote:
> 1. There is no Noun or Attribute for "Security Groups". The API should
> allow me to define a network security group (consisting of a
> collection of protocol+port+CIDR specifications), and allow each
> network interface to belong to multiple security groups. There was
> some discussion back in May about networking attributes, but it
> did not get very far.
My (undocumented) thoughts on this thus far are that we should have an
extension that allows users to specify firewall rules on network
associations in a simple format like

    pass in proto tcp from any port www

For "groups" you would associate multiple resources to the same network and
then associate that network with another, specifying rules on the
For more advanced functionality like Netscaler VPX, ZXTM, etc. there would
be a dedicated compute or network resource (as appropriate).