This was an intentional decision. One of the goals of OpenStack is to provide consistency across different clouds and configurable defaults for new tenants default rules hurts consistency.
If I write a script to boot up a workload on one OpenStack cloud that allows everything by default and it doesn't work on another cloud that doesn't allow everything by default, that leads to a pretty bad user experience. I would now need logic to scan all of the existing security group rules and do a diff between what I want and what is there and have logic to resolve the difference. It's a backwards-incompatible change so we'll probably be stuck with the current behavior. On Fri, Jun 9, 2017 at 2:27 AM, Ahmed Mostafa <[email protected]> wrote: > I believe that there are no features impelemented in neutron that allows > changing the rules for the default security group. > > I am also interested in seeing such a feature implemented. > > I see only this blueprint : > > https://blueprints.launchpad.net/neutron/+spec/default- > rules-for-default-security-group > > But no work has been done on it so far. > > > > On Fri, Jun 9, 2017 at 9:16 AM, Paul Schlacter <[email protected]> > wrote: > >> I see the neutron code, which added the default rules to write very >> rigid, only for ipv4 ipv6 plus two rules. What if I want to customize the >> default rules? >> >> ____________________________________________________________ >> ______________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: [email protected]?subject:unsubscrib >> e >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
