<div dir="ltr"><div>I all, I am trying to configure fwaas on newton.<br><br></div>I suppose there are some errors in nwtorking guide:<br><br><h2>Enable FWaaS v2<a class="gmail-headerlink" href="https://docs.openstack.org/newton/networking-guide/fwaas-v2-scenario.html#enable-fwaas-v2" title="Permalink to this headline">¶</a></h2>
<li><p class="gmail-first">Enable the FWaaS plug-in in the <code class="gmail-docutils gmail-literal"><span class="gmail-pre">/etc/neutron/neutron.conf</span></code> file:</p>
<div class="gmail-highlight-ini"><div class="gmail-highlight"><pre><span></span><span class="gmail-na">service_plugins</span> <span class="gmail-o">=</span> <span class="gmail-s">firewall_v2</span>
<span class="gmail-k">[service_providers]</span>
<span class="gmail-na">...</span>
<span class="gmail-na">service_provider</span> <span class="gmail-o">=</span> <span class="gmail-s">FIREWALL:Iptables:neutron.agent.linux.iptables_</span>
<span class="gmail-na">firewall.OVSHybridIptablesFirewallDriver:default</span>

<span class="gmail-k">[fwaas]</span>
<span class="gmail-na">driver</span> <span class="gmail-o">=</span> <span class="gmail-s">neutron_fwaas.services.firewall.drivers.linux.iptables_</span>
<span class="gmail-na">fwaas_v2.IptablesFwaasDriver</span>
<span class="gmail-na">enabled</span> <span class="gmail-o">=</span> <span class="gmail-s">True</span>
</pre></div>
</div>
<div class="gmail-admonition gmail-note">
<div class="gmail-fa gmail-fa-check-circle"> </div>Note
<p class="gmail-last">On Ubuntu, modify the <code class="gmail-docutils gmail-literal"><span class="gmail-pre">[fwaas]</span></code> section in the
<code class="gmail-docutils gmail-literal"><span class="gmail-pre">/etc/neutron/fwaas_driver.ini</span></code> file instead of
<code class="gmail-docutils gmail-literal"><span class="gmail-pre">/etc/neutron/neutron.conf</span></code>.</p>
</div>
</li><li><p class="gmail-first">Configure the FWaaS plugin for the L3 agent.</p>
<p>In the <code class="gmail-docutils gmail-literal"><span class="gmail-pre">AGENT</span></code> section of <code class="gmail-docutils gmail-literal"><span class="gmail-pre">l3_agent.ini</span></code>, make sure the FWaaS extension
is loaded:</p>
<div class="gmail-highlight-ini"><div class="gmail-highlight"><pre><span></span><span class="gmail-k">[AGENT]</span>
<span class="gmail-na">extensions</span> <span class="gmail-o">=</span> <span class="gmail-s">fwaas</span>
</pre></div>
</div>
<p>Edit the FWaaS section in the <code class="gmail-docutils gmail-literal"><span class="gmail-pre">/etc/neutron/neutron.conf</span></code> file to indicate
the agent version and driver:</p>
<div class="gmail-highlight-ini"><div class="gmail-highlight"><pre><span></span><span class="gmail-k">[fwaas]</span>
<span class="gmail-na">agent_version</span> <span class="gmail-o">=</span> <span class="gmail-s">v2</span>
<span class="gmail-na">driver</span> <span class="gmail-o">=</span> <span class="gmail-s">iptables</span>
<span class="gmail-na">enabled</span> <span class="gmail-o">=</span> <span class="gmail-s">True</span>
</pre></div>
</div>
</li><li>As you can see above, it tells to modify /etc/neutron/neutron.conf two times .</li><li><br></li><li>I am using centos 7 .</li><li>Anyone can help me to configure the fwaas ?</li><li>Must I install the package openstack-neutron-fwaas ?</li><li>Regards</li><li>Ignazio<br></li></div>