This adds a way to create global firewall blocks that apply to all instances in your nova installation.

The mechanism for managing these rules is very similar to how security group rules are managed except there is only ever one instance of the provider rule table, as opposed to multiple security group tables.  Each instance will simply jump into the provider firewall table as one of its first actions (before security groups, so these rules cannot be overridden on a per-user basis).

Most of the changes are straightforward if you understand how security groups work.  There are a few small logging and variable name changes as well.

Right now this only exposes the creation of provider firewall rules.  If we agree this is the best path forward I will quickly be adding a list and destroy method and updating nova-adminclient.

0 files changed, 0 insertions, 0 deletions