On Tue, Oct 9, 2012 at 5:14 AM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:
> The egress firewall rules feature will configure the egress rules for guest network on VR/External firewall to ALLOW specified traffic to outside and BLOCK the remaining traffic.
>
> By default all the traffic is ALLOWED to public network. When you specify an egress rule only that rule specific traffic is allowed.
>
> I have created a functional spec here:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network
>
> Please review and provide your comments.
>
> Thanks,
> Jayapal

So I noticed you are modifying createFirewallRule in a way which would break backwards compatibility, or at least make it more difficult. I'd suggest that trafficType be optional and default to ingress - which means existing calls being issued today should continue to work as they do now, and folks wishing to take advantage of egress filtering can pass trafficType=egress for any calls.

Is there any downside to doing it that way that I am missing?

--David
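
The semantics discussed in this thread, as an added example that is not part of either message and is not CloudStack code: a small model in which `trafficType` is optional and defaults to ingress, and egress is allow-all until the first egress rule exists. The rule fields (`protocol`, `startport`, `endport`), the function names and the sample requests are simplified assumptions made for illustration.

```python
VALID_TRAFFIC_TYPES = {"ingress", "egress"}


def normalize_rule(params):
    """Parse a createFirewallRule-style request (simplified, assumed fields).

    trafficType is optional and defaults to ingress, so a request written
    before egress support existed keeps its old meaning.
    """
    traffic_type = params.get("trafficType", "ingress").lower()
    if traffic_type not in VALID_TRAFFIC_TYPES:
        raise ValueError(f"unsupported trafficType: {traffic_type!r}")
    start = int(params["startport"])
    end = int(params.get("endport", start))
    if not 0 < start <= end <= 65535:
        raise ValueError("invalid port range")
    return {"trafficType": traffic_type,
            "protocol": params["protocol"].lower(),
            "ports": range(start, end + 1)}


def egress_allowed(rules, protocol, port):
    """Decide whether outbound traffic from the guest network is allowed.

    With no egress rules everything is allowed; once at least one egress
    rule exists, only traffic matching an egress rule is allowed.
    """
    egress = [r for r in rules if r["trafficType"] == "egress"]
    if not egress:
        return True
    return any(r["protocol"] == protocol.lower() and port in r["ports"]
               for r in egress)


# Constructed sample requests (not taken from the thread).
LEGACY_CALL = {"protocol": "TCP", "startport": "22"}  # no trafficType given
EGRESS_CALL = {"protocol": "tcp", "startport": "443", "trafficType": "egress"}
```

In this model a legacy call is stored as an ingress rule and therefore does not switch the network from allow-all egress to allow-list egress; only a request that explicitly passes `trafficType=egress` does.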