[openstack-dev] [neutron] A question about firewall

Yi Sun beyounn at gmail.com
Fri Jun 6 05:48:32 UTC 2014


I don't think the "shared" is fully implemented yet. It is not a bug, it 
is just an uncompleted feature.

Yi

On 6/5/14, 9:05 PM, Xurong Yang wrote:
> Hi, Gary
>    Thanks for your response. I have created a router; the fact is that
> firewall rules don't update their share status when the corresponding
> firewall policy is updated to share=true, so creating a firewall under
> another project fails.
> So I think it's a bug.
> What do you think?
>
> cheers,
> Xurong
>
>
> 2014-06-05 22:00 GMT+08:00 Gary Duan <garyduan at gmail.com>:
>
>     Xurong,
>
>     Firewall is colocated with router. You need to create a router,
>     then the firewall state will be updated.
>
>     Gary
>
>
>     On Thu, Jun 5, 2014 at 2:48 AM, Xurong Yang <idopra at gmail.com> wrote:
>
>         Hi, Stackers
>         My use case:
>
>         under project_id A:
>         1. create firewall rule default(share=false).
>         2. create firewall policy default(share=false).
>         3. attach rule to policy.
>         4. update policy(share=true)
>
>         under project_id B:
>         1. create firewall with policy(share=true) based on project A.
>         then firewall creation fails and hangs with status=PENDING_CREATE
>
>         openstack@openstack03:~/Vega$ neutron firewall-policy-list
>         +--------------------------------------+------+----------------------------------------+
>         | id                                   | name | firewall_rules                         |
>         +--------------------------------------+------+----------------------------------------+
>         | 7884fb78-1903-4af6-af3f-55e5c7c047c9 | Demo | [d5578ab5-869b-48cb-be54-85ee9f15d9b2] |
>         | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | Test | [8679da8d-200e-4311-bb7d-7febd3f46e37, |
>         |                                      |      |  86ce188d-18ab-49f2-b664-96c497318056] |
>         +--------------------------------------+------+----------------------------------------+
>         openstack@openstack03:~/Vega$ neutron firewall-rule-list
>         +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
>         | id                                   | name     | firewall_policy_id                   | summary                        | enabled |
>         +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
>         | 8679da8d-200e-4311-bb7d-7febd3f46e37 | DenyOne  | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP,                          | True    |
>         |                                      |          |                                      |  source: none(none),           |         |
>         |                                      |          |                                      |  dest: 192.168.0.101/32(none), |         |
>         |                                      |          |                                      |  deny                          |         |
>         | 86ce188d-18ab-49f2-b664-96c497318056 | AllowAll | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP,                          | True    |
>         |                                      |          |                                      |  source: none(none),           |         |
>         |                                      |          |                                      |  dest: none(none),             |         |
>         |                                      |          |                                      |  allow                         |         |
>         +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
>         openstack@openstack03:~/Vega$ neutron firewall-create --name Test Demo
>         *Firewall Rule d5578ab5-869b-48cb-be54-85ee9f15d9b2 could not be found.*
>         openstack@openstack03:~/Vega$ neutron firewall-show Test
>         +--------------------+--------------------------------------+
>         | Field              | Value                                |
>         +--------------------+--------------------------------------+
>         | admin_state_up     | True                                 |
>         | description        |                                      |
>         | firewall_policy_id | 7884fb78-1903-4af6-af3f-55e5c7c047c9 |
>         | id                 | 7c59c7da-ace1-4dfa-8b04-2bc6013dbc0a |
>         | name               | Test                                 |
>         | status             |*PENDING_CREATE*                        |
>         | tenant_id          | a0794fca47de4631b8e414beea4bd51b     |
>         +--------------------+--------------------------------------+
>
>
>         _______________________________________________
>         OpenStack-dev mailing list
>         OpenStack-dev at lists.openstack.org
>         <mailto:OpenStack-dev at lists.openstack.org>
>         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

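The mismatch discussed in this thread (a policy marked shared while its rules remain unshared) can be checked for before another tenant tries to use the policy. The following is an added example, not part of the original messages and not Neutron code: it uses a simplified visibility model, and the dictionary layout, tenant names and IDs are constructed assumptions.

```python
# Constructed sample data: IDs and tenants are placeholders, not values from the thread.
RULES = [
    {"id": "rule-a1", "tenant_id": "tenant-a", "shared": False},
    {"id": "rule-a2", "tenant_id": "tenant-a", "shared": True},
    {"id": "rule-b1", "tenant_id": "tenant-b", "shared": False},
]
POLICIES = [
    {"id": "policy-demo", "tenant_id": "tenant-a", "shared": True,
     "firewall_rules": ["rule-a1", "rule-a2"]},
    {"id": "policy-private", "tenant_id": "tenant-a", "shared": False,
     "firewall_rules": ["rule-a1"]},
]


def visible_to(resource, tenant_id):
    """Assumed model: the owner always sees a resource, others only if shared."""
    return resource["tenant_id"] == tenant_id or resource["shared"]


def unresolvable_rules(policy, rules, tenant_id):
    """Return the rule IDs in `policy` that `tenant_id` cannot look up."""
    by_id = {r["id"]: r for r in rules}
    missing = []
    for rule_id in policy["firewall_rules"]:
        rule = by_id.get(rule_id)
        if rule is None or not visible_to(rule, tenant_id):
            missing.append(rule_id)
    return missing


def audit_shared_policies(policies, rules):
    """Map each shared policy ID to the rule IDs hidden from non-owner tenants."""
    findings = {}
    for policy in policies:
        if not policy["shared"]:
            continue
        # tenant_id=None matches no owner, so only shared rules count as visible.
        hidden = unresolvable_rules(policy, rules, tenant_id=None)
        if hidden:
            findings[policy["id"]] = hidden
    return findings


if __name__ == "__main__":
    for policy_id, hidden in audit_shared_policies(POLICIES, RULES).items():
        print(f"{policy_id}: shared policy references unshared rules {hidden}")
```
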