Please find my response inline: > -----Original Message----- > From: Manan Shah [mailto:manan.s...@citrix.com] > Sent: Thursday, 21 March 2013 11:05 PM > To: dev@cloudstack.apache.org > Cc: Manan Shah > Subject: Re: [Discuss] ACL deny rules > > Thanks Kishan for sharing the FS. Below are some of my questions. > > 1. What is the default for an empty container? Is it allow all or deny all?
[KK] Default is deny all. Same as before. Should it be editable or just read-only? > 2. Can you describe the behaviour for upgrades? [KK] Upgrade behaviour is already mentioned in the spec. > 3. Can you also make sure that deletion of Containers will be blocked when > containers are attached to Tiers? [KK] Added this to the spec. > > Regards, > Manan Shah > > > > > On 3/21/13 2:29 AM, "Kishan Kavala" <kishan.kav...@citrix.com> wrote: > > >I would like add support for ACL deny rules in VPC. Functional spec is > >available at [1] and jira ticket is [2]. > >As part of this feature, NetworkACLContainer will also be introduced to > >manage network ACLs. > > > >This feature is item 2.16 in nTier Apps 2.0 requirements [3]. > > > >[1] > >https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+ACL+d > eny > >+ru > >les > >[2] https://issues.apache.org/jira/browse/CLOUDSTACK-763 > >[3] > >https://cwiki.apache.org/confluence/display/CLOUDSTACK/nTier+Apps+2.0 > +R > >equ > >irements
