onefinestay / gonzo

Instance and release management made easy

Configurable security groups #20

Closed noisyboiler closed 5 years ago

noisyboiler commented 10 years ago

**Configurable Security Groups**

This is an open source project and users should have more control over their Ingress filtering! I've been using Gonzo with Devstack and a Group with no Rules blocks all incoming traffic.

Furthermore:

- Users are likely not to want a group called 'Gonzo'.
- Users will want to decide what groups, their names, and what rules are applied, and at what time.
- Users should also be able to set groups without having to launch an instance!

So I've made some very simple changes.

Untested in the wild, only using Devstack. What do you all think?

This is the addition to my config.py:

        # syntax for defining security groups which do ingress filtering.
        'SECURITY_GROUPS': {
            'development': [
                {'ip_protocol': 'tcp',  # enable http (range covers all TCP ports)
                 'from_port': 1,
                 'to_port': 65535,
                 # Classless Inter-Domain Routing (method for allocating IP addresses)
                 'cidr': '0.0.0.0/0'},
                {'ip_protocol': 'icmp',  # enable ping
                 'from_port': -1,
                 'to_port': -1,
                 'cidr': '0.0.0.0/24'},
                {'ip_protocol': 'tcp',  # enable ssh
                 'from_port': 22,
                 'to_port': 22,
                 'cidr': '0.0.0.0/24'},
            ]
        },
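
A check that could be run over a `SECURITY_GROUPS` dict in the format above before its rules are applied, flagging rules open to every source address, source ranges inside the reserved 0.0.0.0/8 block, and wide port ranges. This is an added example, not part of the pull request or of Gonzo; `audit_rule`, `audit_groups` and the `MAX_PORT_SPAN` threshold are hypothetical, and the sample dict is constructed from the rule keys shown above.

```python
import ipaddress

# Constructed sample using the rule keys from the config above.
SECURITY_GROUPS = {
    'development': [
        {'ip_protocol': 'tcp', 'from_port': 1, 'to_port': 65535,
         'cidr': '0.0.0.0/0'},
        {'ip_protocol': 'icmp', 'from_port': -1, 'to_port': -1,
         'cidr': '0.0.0.0/24'},
        {'ip_protocol': 'tcp', 'from_port': 22, 'to_port': 22,
         'cidr': '0.0.0.0/24'},
    ],
}

MAX_PORT_SPAN = 100  # assumed review threshold, not a Gonzo setting
THIS_NETWORK = ipaddress.ip_network('0.0.0.0/8')  # reserved "this network"


def audit_rule(rule):
    """Return a list of finding codes for one ingress rule."""
    try:
        # strict=True rejects CIDRs with host bits set, e.g. 192.0.2.5/24
        net = ipaddress.ip_network(rule['cidr'], strict=True)
    except ValueError:
        return ['bad-cidr']
    findings = []
    if net.prefixlen == 0:
        findings.append('any-source')          # e.g. 0.0.0.0/0
    elif net.version == 4 and net.subnet_of(THIS_NETWORK):
        findings.append('unroutable-source')   # e.g. 0.0.0.0/24
    if rule['ip_protocol'] in ('tcp', 'udp'):
        lo, hi = rule['from_port'], rule['to_port']
        if not 1 <= lo <= hi <= 65535:
            findings.append('bad-ports')
        elif hi - lo + 1 > MAX_PORT_SPAN:
            findings.append('wide-ports')
    return findings


def audit_groups(groups):
    """Map (group name, rule index) to findings, skipping clean rules."""
    report = {}
    for name, rules in groups.items():
        for index, rule in enumerate(rules):
            findings = audit_rule(rule)
            if findings:
                report[(name, index)] = findings
    return report
```
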