Description of problem: When creating a new project, we apply a default security group rule. This RFE is requesting the ability to modify those default rules. It looks like this has been discussed before: https://bugzilla.redhat.com/show_bug.cgi?id=125845 Version-Release number of selected component (if applicable): RHOSP13 How the feature would work? Allow the user to create a security group that will be applied by default to all new projects Actual Results: When you create a new project, it gets a default egress any any allow and ingress any any deny Expected results: Allow for customization of these defaults. Maybe by allowing a user to create a security group and set it as the default SG to be applied to new projects? Additional info: I saw the previous discussion about FWaaS. But would it be easier to just flag a already configured SG as the projects default one and copy it to new projects? If my research is correct, we create the defaults here: https://github.com/openstack/neutron/blob/stable/queens/neutron/db/securitygroups_db.py#L105-L122 On a scale of 1 to difficult, where would we rate adding a check for a new field - lets call it project_default_sg? project_default_sg = check_each_sg_for_project_default_sg if project_default_sg: sg_defaults = read_sg_rules_from_default sg.rules.append(sg_defaults) Happy for some feedback on this one. We can make it an RFE for Train or something if that makes more sense and I'll submit it upstream as well.
*** This bug has been marked as a duplicate of bug 1258455 ***