Github user borisroman commented on the pull request:
https://github.com/apache/cloudstack/pull/1356#issuecomment-173872641
@DaanHoogland It improves performance due to fact firewall rules are only
created (in memory) once we expect a change. If for example a dhcp lease needs
to be added, no firewall rules will be build or changed.
At first these were always executed:
```
- # Always run both CsAcl().process() methods
- # They fill the base rules in config.fw[]
- acls = CsAcl('networkacl', config)
- acls.process()
-
- acls = CsAcl('firewallrules', config)
- acls.process()
-
- fwd = CsForwardingRules("forwardingrules", config)
- fwd.process()
-
- vpns = CsSite2SiteVpn("site2sitevpn", config)
- vpns.process()
-
- rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
- rvpn.process()
-
- lb = CsLoadBalancer("loadbalancer", config)
- lb.process()
```
Now they are only executed if we expect change to the firewall rules.
Less execution == more performance!
Hope that clears up! :-)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
