Open mdehn opened 7 years ago
Needs to include Azure ARM and K5
This should be linked to security groups, so you set rules for groups & then add resources to the groups. Not directly to the resources as it is bad practise.
visualisation like this would be a very useful feature: http://docs.rightscale.com/img/cm-network-map-example.png
Don't block any setting, it should be user configurable and if they want "everything open" then they should be able to set it. perhaps it is useful for a development environment. It would be good to have a warning or link to security best practise guidelines when they are in this section so that we can provide them with guidance, but not with restrictions.
This feature should be accessible via APIs and the GUI
When applying "everything open", there may be some restrictions on the usage due to security policy. The default setting should be selective either from "everything open" or "All denied".
The support for firewall rules can be done for the AWS and the OpenStack controllers. A K5 controller is not yet part of OSCM, but it is planned for release 16.2. An Azure controller is not part of OSCM, but you are free to contribute such a controller.
Allow to define firewall rules and filtering of ports for all the supported IaaS controllers: