
On Thu, Jun 25, 2009 at 3:45 PM, <shlomo.swidler@gmail.com> wrote:
1. There is no Noun or Attribute for "Security Groups". The API should allow me to define a network security group (consisting of a collection of protocol+port+CIDR specifications), and allow each network interface to belong to multiple security groups. There was some discussion back in May [2] about networking attributes, but it did not get very far.
My (undocumented) thoughts on this thus far are that we should have an extension that allows users to specify firewall rules on network associations in a simple format like ufw <http://www.ubuntugeek.com/ufw-uncomplicated-firewall-for-ubuntu-hardy.html> or pf <http://www.openbsd.org/faq/pf/filter.html#syntax>: pass in proto tcp from any port www
For "groups" you would associate multiple resources to the same network and then associate that network with another, specifying rules on the association. For more advanced functionality like Netscaler VPX, ZXTM, etc. there would be a dedicated compute or network resource (as appropriate). Feedback welcome, Sam
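The rule syntax and grouping model sketched in the reply above, worked through as an added example (this is not code from the thread or from any OCCI implementation). It assumes a small pf/ufw-like grammar of the form `ACTION DIR [proto P] [from CIDR|any] [port N|NAME]`, a rule set per network association, and an interface that belongs to several such associations; the `Rule` class, the `SERVICES` table, the sample rule text and the "explicit block wins, otherwise any pass allows, default deny" evaluation policy are all assumptions chosen for illustration.

```python
"""Toy model of firewall rules attached to network associations.

Added example, not from the mailing-list thread or any OCCI spec. The
grammar, the Rule/group representation and the evaluation policy are
assumptions made for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Service names accepted in place of a numeric port (assumed table).
SERVICES = {"www": 80, "https": 443, "ssh": 22, "smtp": 25}


@dataclass(frozen=True)
class Rule:
    action: str      # "pass" or "block"
    direction: str   # "in" or "out"
    proto: str       # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network | ipaddress.IPv6Network | None  # None = any source
    port: int | None  # destination port; None = any port


def parse_rule(text: str) -> Rule:
    """Parse e.g. 'pass in proto tcp from any port www' into a Rule.

    Assumed grammar: ACTION DIR [proto P] [from CIDR|any] [port N|NAME].
    Unknown keywords and dangling values are rejected rather than ignored,
    so a typo cannot silently widen a rule.
    """
    tokens = text.split()
    if len(tokens) < 2 or tokens[0] not in ("pass", "block") or tokens[1] not in ("in", "out"):
        raise ValueError(f"bad rule: {text!r}")
    action, direction = tokens[0], tokens[1]
    proto, src, port = "any", None, None
    i = 2
    while i < len(tokens):
        key = tokens[i]
        if i + 1 >= len(tokens):
            raise ValueError(f"missing value after {key!r} in {text!r}")
        val = tokens[i + 1]
        if key == "proto":
            proto = val
        elif key == "from":
            src = None if val == "any" else ipaddress.ip_network(val, strict=False)
        elif key == "port":
            port = SERVICES[val] if val in SERVICES else int(val)
        else:
            raise ValueError(f"unknown keyword {key!r} in {text!r}")
        i += 2
    return Rule(action, direction, proto, src, port)


def rule_matches(rule: Rule, direction: str, proto: str, src_ip: str, dport: int) -> bool:
    """True when every constraint of the rule is satisfied by the packet."""
    if rule.direction != direction:
        return False
    if rule.proto != "any" and rule.proto != proto:
        return False
    if rule.src is not None and ipaddress.ip_address(src_ip) not in rule.src:
        return False
    if rule.port is not None and rule.port != dport:
        return False
    return True


def decide(groups: dict[str, list[Rule]], direction: str, proto: str,
           src_ip: str, dport: int) -> tuple[str, str | None]:
    """Evaluate a packet against every group the interface belongs to.

    Assumed policy: an explicit block in any group wins, otherwise a pass in
    any group allows the packet, and anything unmatched is denied. Returns
    (action, name of the group whose rule decided it, or None for default).
    """
    verdict: tuple[str, str | None] = ("block", None)  # default deny
    for group_name, rules in groups.items():
        for rule in rules:
            if not rule_matches(rule, direction, proto, src_ip, dport):
                continue
            if rule.action == "block":
                return ("block", group_name)
            if verdict[0] != "pass":
                verdict = ("pass", group_name)
    return verdict


# Constructed sample: one interface attached to a "web" and an "admin" network.
EXAMPLE_GROUPS = {
    "web": [parse_rule("pass in proto tcp from any port www"),
            parse_rule("pass in proto tcp from any port https")],
    "admin": [parse_rule("pass in proto tcp from 10.0.0.0/8 port ssh"),
              parse_rule("block in proto tcp from 10.0.99.0/24 port ssh")],
}

if __name__ == "__main__":
    for pkt in [("in", "tcp", "203.0.113.5", 80), ("in", "tcp", "203.0.113.5", 22),
                ("in", "tcp", "10.0.1.7", 22), ("in", "tcp", "10.0.99.7", 22)]:
        print(pkt, "->", decide(EXAMPLE_GROUPS, *pkt))
```

The evaluation deliberately does not use first-match ordering across groups: an interface's groups are an unordered set, so a deny-overrides policy keeps the result independent of which association happened to be listed first.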