FWaaS

https://docs.openstack.org/newton/networking-guide/fwaas-v2-scenario.html

#/etc/neutron/neutron.conf

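# FWaaS v1 settings for neutron.conf.
# service_plugins is a [DEFAULT] option holding a comma-separated list: add
# "firewall" to the plugins already listed there instead of replacing them.
# NOTE(review): the page links the FWaaS v2 scenario, but the values below
# select v1. v2 uses service_plugins = firewall_v2, agent_version = v2 and the
# iptables_fwaas_v2 driver; confirm which version the deployment runs.
service_plugins = firewall
[fwaas]
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
# this flag is actually useless
# (remark kept on its own line: oslo.config reads everything after "=" as the
# value, so a trailing "# ..." would become part of agent_version)
agent_version = v1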

#/etc/neutron/l3_agent.ini

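# Load exactly one FWaaS L3-agent extension, matching the service plugin set
# in neutron.conf. With both lines active the key is defined twice and the
# value that takes effect depends on the parser.
# NOTE(review): the networking guide places this key in the [AGENT] section of
# l3_agent.ini; confirm against the installed release.
# if you use FWaaS v1
extensions = fwaas
# if you use FWaaS v2: comment out the v1 line above and enable this one
# extensions = fwaas_v2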

#restart neutron-server and neutron-l3-agent so the new settings take effect


Example:

#command format
# Step 1: create one rule per traffic class. The braces list the accepted
# choices (pick one); the upper-case words are placeholders to replace.
# Rules are evaluated in the order they are listed in the policy, and FWaaS
# appends an implicit deny-all after the last rule, so anything that is not
# explicitly allowed is dropped.
neutron firewall-rule-create --protocol {tcp,udp,icmp,any} \
  --source-ip-address SOURCE_IP_ADDRESS \
  --destination-ip-address DESTINATION_IP_ADDRESS \
  --source-port SOURCE_PORT_RANGE --destination-port DEST_PORT_RANGE \
  --action {allow,deny,reject}

# Step 2: group the rules into a policy. The quoted argument is a
# space-separated list of the rule IDs or names returned by step 1, in
# evaluation order.
neutron firewall-policy-create --firewall-rules \
  "FIREWALL_RULE_IDS_OR_NAMES" myfirewallpolicy

# Step 3: create the firewall from the policy ID returned by step 2.
# NOTE(review): without a router option a v1 firewall is applied to the
# project's routers in general; check which routers it was attached to after
# creation and that it left the PENDING_CREATE state.
neutron firewall-create FIREWALL_POLICY_UUID

#Command example

# Deny ICMP from 192.168.10.66 to 192.168.10.174. No ports are given because
# the rule is for ICMP.
# Because every policy ends with an implicit deny-all, a policy that holds
# only this rule also drops all other traffic through the router; add explicit
# allow rules for the flows that must keep working.
neutron firewall-rule-create --protocol icmp --source-ip-address 192.168.10.66 --destination-ip-address 192.168.10.174  --action deny

# FIREWALL_RULE_IDS_OR_NAMES is still a placeholder: substitute the ID (or
# name) printed by the rule-create command above.
neutron firewall-policy-create --firewall-rules "FIREWALL_RULE_IDS_OR_NAMES" myfirewallpolicy

# FIREWALL_POLICY_UUID is still a placeholder: substitute the ID printed by
# firewall-policy-create. Verify the result with the firewall list/show
# commands before relying on the rule.
neutron firewall-create FIREWALL_POLICY_UUID
