Hi Nilesh,

Please find my inline comments.

Thanks,
Jayapal

From: Nilesh Vishwakarma
Sent: Thursday, October 11, 2012 6:37 PM
To: Jayapal Reddy Uradi
Cc: cloudstack-dev@incubator.apache.org
Subject: "Egress Firewall Rules" feature FS

Hey,

My review comments on "Egress Firewall Rules" feature FS:

1. Let me know whether we are using CreateFirewall API or NetworkACL to implement firewall rule
- There is a discussion in community about which API to use. I will update the spec once the discussion is closed.

2. How can I block the communication with a particular subnet? As in if I want to block communication ONLY with some IP range and allow the rest of the communication, would it be possible?
- It is not possible. There are only rules to ALLOW.

3. Can we have a BLOCK rule which can block communication with a specified IP range?
- We can have only ALLOW rules. Only the egress rules are allowed and the remaining traffic is blocked.

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Egress+firewall+rules+for+guest+network

-Thanks,
Nilesh