Backlog #2396
Backlog #1225: Flexible firewall definition and dynamic behavior
Improve firewall.rb driver
| Status: | Closed | Start date: | 10/21/2013 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Drivers - Network | | |
| Target version: | - | | |
Description
Attached Firewall driver to provide advanced control of rules. Primarily this includes:
- traffic to/from VM
- specifying src and dst addresses
It works the same as the existing Firewall.rb by adding parameters to the NIC section of a VM template.
NIC = [ ..., FW_IN = "TCP,,:22,ACCEPT", FW_OUT = "TCP,:80,,ACCEPT" ]
Which translates to:
1. allow any host to SSH to this VM
2. allow this VM to browse the internet
The syntax for FW_OUT/FW_IN:
PROTOCOL,SRC,DST,ACTION
Where:
- PROTOCOL is the protocol (TCP, UDP, etc)
- ACTION is ACCEPT or DROP
- SRC/DST is the source/destination including port in this format: [1.2.3.4]:[port,port:port]. The brackets are optional but required when the IP or PORT specification contains : or , (IPv6 and multiple ports).
SRC/DST can be left empty, or the IP or PORT part of the SRC/DST can be empty, to default to ANY IP or PORT.
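A strict parser for the PROTOCOL,SRC,DST,ACTION syntax described above, shown as an added example; it is not code from the attached driver. The function names are hypothetical, and the alphanumeric-only protocol check, the 1-65535 port range and the use of Ruby's IPAddr for address validation are assumptions of this example.

```ruby
require "ipaddr"

# Added example (not the attached driver): validate FW_IN/FW_OUT values
# before they are turned into firewall rules on the host.
ACTIONS  = %w[ACCEPT DROP].freeze
# IP and PORT parts are each optionally bracketed; brackets permit ':' and ','.
ENDPOINT = /\A(?:\[([^\[\]]*)\]|([^\[\]:,]*))(?::(?:\[([^\[\]]*)\]|([^\[\]:,]*)))?\z/

# "22" or "80,8000:8080" -> array of Ranges; nil means ANY port.
def parse_ports(spec)
  return nil if spec.nil? || spec.empty?
  spec.split(",", -1).map do |item|
    raise ArgumentError, "bad port spec: #{item}" unless item =~ /\A\d{1,5}(?::\d{1,5})?\z/
    lo, hi = item.split(":").map(&:to_i)
    hi ||= lo
    ok = lo.between?(1, 65_535) && hi.between?(lo, 65_535)  # assumed valid range
    raise ArgumentError, "port out of range: #{item}" unless ok
    lo..hi
  end
end

# "[ip]:[ports]" with either part optional; nil means ANY.
def parse_endpoint(text)
  m = ENDPOINT.match(text) or raise ArgumentError, "bad endpoint: #{text}"
  ip = m[1] || m[2]
  IPAddr.new(ip) unless ip.empty?   # raises an ArgumentError subclass if invalid
  { ip: (ip.empty? ? nil : ip), ports: parse_ports(m[3] || m[4]) }
end

def parse_rule(rule)
  # Commas inside [...] belong to a port list, not to the field separator.
  fields = rule.split(/,(?![^\[]*\])/, -1)
  raise ArgumentError, "expected 4 fields, got #{fields.size}" unless fields.size == 4
  proto, src, dst, action = fields
  raise ArgumentError, "bad protocol: #{proto}" unless proto =~ /\A[A-Za-z0-9]+\z/
  raise ArgumentError, "bad action: #{action}" unless ACTIONS.include?(action)
  { proto: proto.upcase, src: parse_endpoint(src), dst: parse_endpoint(dst), action: action }
end

# The FW_IN value from the description above.
p parse_rule("TCP,,:22,ACCEPT") if $PROGRAM_NAME == __FILE__
```

Rejecting anything that does not match the grammar, rather than passing the raw template string through, keeps a malformed NIC attribute from reaching the rule-generation step.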
History
#1 Updated by Chris Johnston over 7 years ago
- File Firewall-4.2.0-1.rb added
Latest version attached.
#2 Updated by Jaime Melis over 7 years ago
- Tracker changed from Request to Feature
- Status changed from Pending to New
- Target version set to Release 4.4
#3 Updated by Ruben S. Montero over 7 years ago
- Assignee set to Javi Fontan
#4 Updated by Javi Fontan over 7 years ago
- Target version changed from Release 4.4 to Release 4.6
We are going to move adding these features to the next release. The changes make the old way of configuring the firewall incompatible and we are too close to the release to make both versions work.
These new features can be easily added to a 4.4 version just by replacing the standard firewall library with this one. It is even a good candidate for an addon in case this is needed before 4.6.
#5 Updated by Ruben S. Montero over 7 years ago
- Parent task set to #1225
#6 Updated by Ruben S. Montero over 7 years ago
- Tracker changed from Feature to Backlog
- Status changed from New to Pending
- Assignee deleted (Javi Fontan)
- Priority changed from Normal to High
- Target version deleted (Release 4.6)
#7 Updated by Ruben S. Montero over 6 years ago
- Status changed from Pending to Closed