How about using address_groups (https://blueprints.launchpad.net/neutron/+spec/address-groups-in-sg-rules) for that? You don't need all those 4 cases then, just:
1. Enabled for all (like it's now, controlled by enable_snat)
2. Enabled for some IP addresses, configured by address group - it can be IP of single VM, subnet's cidr or some other IPs range - this may work only if enable_snat==True
What do You think?