Bug 1042587 - [RFE][neutron]: FWaaS - Firewall Explicit Commit Operation
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/neut...
Whiteboard: upstream_milestone_next upstream_stat...
Depends On:
Blocks:
Reported: 2013-12-13 00:25 UTC by RHOS Integration
Modified: 2015-11-20 19:37 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:45:06 UTC
Target Upstream Version:



Description RHOS Integration 2013-12-13 00:25:56 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/neutron/+spec/neutron-fwaas-explicit-commit.

Description:

In Neutron Firewall as a Service (FWaaS), we currently support an implicit commit mode, wherein a change made to a firewall_rule is propagated immediately to all the firewalls that use this rule (via their firewall_policy association), and the rule gets applied in the backend firewalls. This might be acceptable; however, this is different from the explicit commit semantics which most firewalls support. Having an explicit commit operation ensures that multiple rules can be applied atomically, as opposed to the implicit case, where each rule is applied atomically and thus opens up the possibility of security holes between two successive rule applications.

Specification URL (additional information):

https://docs.google.com/document/d/1gmJoAYJOMpdGuKXTJVbBVlCDAou0k_h2DYuD4W7aEyg/edit#heading=h.9xfek5j4sfhh
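
The gap between two successive rule applications described above, as an added example that is not part of the blueprint or of Neutron's code. It models a policy as an ordered, first-match rule list with default deny; the rule dictionaries, function names and documentation-range addresses are all constructed for illustration.

```python
import ipaddress
from itertools import permutations

def evaluate(policy, src, port):
    """First-match evaluation over an ordered rule list; default deny."""
    ip = ipaddress.ip_address(src)
    for rule in policy:
        if ip in ipaddress.ip_network(rule["src"]) and port == rule["port"]:
            return rule["action"]
    return "deny"

# Constructed change: a service moves from port 8080 to 8443, so both the
# blocklist rule and the general allow rule have to be updated.
OLD = [{"action": "deny", "src": "198.51.100.0/24", "port": 8080},
       {"action": "allow", "src": "0.0.0.0/0", "port": 8080}]
NEW = [{"action": "deny", "src": "198.51.100.0/24", "port": 8443},
       {"action": "allow", "src": "0.0.0.0/0", "port": 8443}]

PROBES = [(src, port) for src in ("198.51.100.7", "203.0.113.9")
          for port in (8080, 8443)]

def holes(live):
    """Probes the live policy allows although both OLD and NEW deny them."""
    return [p for p in PROBES
            if evaluate(live, *p) == "allow"
            and evaluate(OLD, *p) == "deny"
            and evaluate(NEW, *p) == "deny"]

def implicit_commit(order):
    """Each rule update reaches the backend as soon as it is made."""
    live, exposed = list(OLD), []
    for idx in order:
        live[idx] = NEW[idx]
        exposed.extend(holes(live))   # state enforced after this update
    return exposed

def explicit_commit():
    """Updates are staged; the backend switches OLD -> NEW in one step."""
    live, staged, exposed = OLD, list(OLD), []
    for idx in range(len(NEW)):
        staged[idx] = NEW[idx]
        exposed.extend(holes(live))   # backend still enforces OLD
    live = staged                     # the single commit
    exposed.extend(holes(live))
    return exposed

if __name__ == "__main__":
    for order in permutations(range(len(NEW))):
        print("implicit, update order", order, "->", implicit_commit(order))
    print("explicit commit ->", explicit_commit())
```

In this model either update order exposes the blocklisted source on one of the two ports, so reordering the per-rule updates does not remove the window; only the single commit does.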

