[openstack-dev] [neutron] A question about firewall

Xurong Yang idopra at gmail.com
Thu Jun 5 09:48:10 UTC 2014


Hi, Stackers
My use case:

under project_id A:
1.create firewall rule default(share=false).
2.create firewall policy default(share=false).
3.attach rule to policy.
4.update policy(share=true)

under project_id B:
1.create firewall with policy(share=true) based on project A.
then create firewall fail and suspend with status=PENDING_CREATE

openstack at openstack03:~/Vega$ neutron firewall-policy-list
+--------------------------------------+------+----------------------------------------+
| id                                   | name | firewall_rules
                |
+--------------------------------------+------+----------------------------------------+
| 7884fb78-1903-4af6-af3f-55e5c7c047c9 | Demo |
[d5578ab5-869b-48cb-be54-85ee9f15d9b2] |
| 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | Test |
[8679da8d-200e-4311-bb7d-7febd3f46e37, |
|                                      |      |
86ce188d-18ab-49f2-b664-96c497318056] |
+--------------------------------------+------+----------------------------------------+
openstack at openstack03:~/Vega$ neutron firewall-rule-list
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
| id                                   | name     | firewall_policy_id
                  | summary                        | enabled |
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
| 8679da8d-200e-4311-bb7d-7febd3f46e37 | DenyOne  |
949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP,
| True    |
|                                      |          |
                  |  source: none(none),           |         |
|                                      |          |
                  |  dest: 192.168.0.101/32(none), |         |
|                                      |          |
                  |  deny                          |         |
| 86ce188d-18ab-49f2-b664-96c497318056 | AllowAll |
949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP,
| True    |
|                                      |          |
                  |  source: none(none),           |         |
|                                      |          |
                  |  dest: none(none),             |         |
|                                      |          |
                  |  allow                         |         |
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
openstack at openstack03:~/Vega$ neutron firewall-create --name Test
Demo*Firewall Rule d5578ab5-869b-48cb-be54-85ee9f15d9b2 could not be
found.*
openstack at openstack03:~/Vega$ neutron firewall-show Test
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | 7884fb78-1903-4af6-af3f-55e5c7c047c9 |
| id                 | 7c59c7da-ace1-4dfa-8b04-2bc6013dbc0a |
| name               | Test                                 |
| status             | *PENDING_CREATE*                       |
| tenant_id          | a0794fca47de4631b8e414beea4bd51b     |
+--------------------+--------------------------------------+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140605/5bc26fad/attachment.html>


More information about the OpenStack-dev mailing list