I've never used it - but I believe you can just set the firewall_driver config var to nova.virt.firewall.NoopFirewallDriver<div><br></div><div>eg in nova.conf add:</div><div><br></div><div>--firewall_driver=nova.virt.firewall.NoopFirewallDriver</div>
<div class="gmail_extra"><br clear="all"><br>Thanks,<br>Kiall<br>
<br><br><div class="gmail_quote">On Wed, Nov 21, 2012 at 2:14 PM, Kevin Jackson <span dir="ltr"><<a href="mailto:kevin@linuxservices.co.uk" target="_blank">kevin@linuxservices.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Ritesh,<br>You will need to have enabled some rules - even if you provide rules that give carte blanch access to your instances. This is courtesy of the 'default' security group - that by design prevents any access and by design, is a default if you don't specify any security groups when launching instances.<br>
<br>Whilst its easy to say you shouldn't do what you're intending to do and relying on perimeter security alone, that is not what you're asking and I'm all for choice and learning.<br><br>So in your instance:<br>
<br>nova secgroup-add-rule default tcp 0 65536 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>nova secgroup-add-rule default udp 0 65536 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>nova secgroup-add-rule default icmp -1 -1 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
<br>Note this is the netsec equivalent of doing chmod 777 on a file.<br><br>To actually delete groups though<br><br>nova secgroup-delete nameOfGroup<br><br>Regards,<br>Kev<br><div class="gmail_extra"><br><br><div class="gmail_quote">
<div><div class="h5">
On 21 November 2012 13:45, Ritesh Nanda <span dir="ltr"><<a href="mailto:riteshnanda09@gmail.com" target="_blank">riteshnanda09@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div class="h5">
Hello, <br><br>Is there anyway we can disable security group in nova, as i would be using an external firewall to do that.<span><font color="#888888"><br clear="all"><br>-- <br><p style="margin:0cm 0cm 0pt;color:rgb(0,0,153)">
<b><span style="font-size:10pt;font-family:Arial"> With Regards <br>
</span></b></p><p style="margin:0cm 0cm 0pt;color:rgb(0,0,153)"><b><span style="font-size:10pt;font-family:Arial"> Ritesh Nanda<br></span></b></p><p style="margin:0cm 0cm 0pt;color:rgb(0,0,153)"></p><p style="margin:0cm 0cm 0pt;color:rgb(51,51,51)">
<span style="color:rgb(0,0,153)"></span><span style="font-size:9pt;color:rgb(51,51,51);font-family:Arial"><span style="color:rgb(51,51,255)"><b><span style="color:rgb(0,0,153)"></span></b></span></span><span style="font-size:9pt;color:rgb(51,51,51);font-family:Arial"><span style="color:rgb(51,51,255)"><b><span style="color:rgb(0,0,153)"><br>
</span></b></span></span></p><a href="http://www.ericsson.com/" target="_blank"></a><p style="margin:0cm 0cm 0pt"><span style="font-size:9pt;font-family:Arial"><br><br></span></p><br>
</font></span><br></div></div>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/%7Eopenstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br>Kevin Jackson<br>@itarchitectkev<br>
</font></span></div>
<br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>