<div dir="ltr"><br><div class="gmail_extra">You should check the rules under qrouter namespace, did you try that?</div><div class="gmail_extra"><br></div><div class="gmail_extra">something like below</div><div class="gmail_extra">
#ip netns exec qr-XX iptables -L</div><div class="gmail_extra"><br></div><div class="gmail_extra">regards,</div><div class="gmail_extra">Ashok<br><br><div class="gmail_quote">On Thu, Dec 12, 2013 at 12:39 PM, <a href="mailto:trinath.somanchi@freescale.com">trinath.somanchi@freescale.com</a> <span dir="ltr"><<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have created some rules and added to Policy which is added to firewall which is in ACTIVE state.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have found the following in the firewall logs<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">root@havana:/usr/lib/python2.7/dist-packages/neutron/common# tail -f /var/log/neutron/l3-agent.log | grep firewall<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-12-12 12:34:<a href="tel:57.176%2019582" value="+915717619582" target="_blank">57.176 19582</a> DEBUG neutron.openstack.common.rpc.amqp [-] received {u'_context_roles': [u'admin'], u'_context_read_deleted': u'no', u'_context_tenant_id':
u'18088213420b45109da582f677ed8367', u'args': {u'firewall': {u'status': u'PENDING_UPDATE', u'name': u'Firewall-Test', u'admin_state_up': True, u'tenant_id': u'18088213420b45109da582f677ed8367', u'firewal_policy_id': u'255b8347-2069-4980-a911-a521a3e5b571',
u'shared': None, u'id': u'5add0082-54b8-468e-b764-6c6d62d11b4b', u'firewall_rule_list': [{u'protocol': u'tcp', u'description': u'', u'ip_version': 4, u'tenant_id': u'18088213420b45109da582f677ed8367', u'enabled': True, u'source_ip_address': u'10.10.10.100',
u'destination_ip_address': u'10.10.10.200', u'firewall_policy_id': u'255b8347-2069-4980-a911-a521a3e5b571', u'action': u'allow', u'shared': False, u'source_port': u'8010', u'position': 1, u'destination_port': u'8010', u'id': u'f60fe35d-5bc8-4973-bd4e-ddac85012624',
u'name': u'rule2'}, {u'protocol': u'tcp', u'description': u'Allow Port 80', u'ip_version': 4, u'tenant_id': u'18088213420b45109da582f677ed8367', u'enabled': True, u'source_ip_address': u'10.10.10.100', u'destination_ip_address': u'10.10.10.200', u'firewall_policy_id':
u'255b8347-2069-4980-a911-a521a3e5b571', u'action': u'allow', u'shared': True, u'source_port': u'80', u'position': 2, u'destination_port': u'80', u'id': u'6fbfbe3e-fefa-49f7-8189-431da4e12d8a', u'name': u'allow80'}, {u'protocol': u'tcp', u'description': u'',
u'ip_version': 4, u'tenant_id': u'18088213420b45109da582f677ed8367', u'enabled': True, u'source_ip_address': u'10.10.10.100', u'destination_ip_address': u'10.10.10.200', u'firewall_policy_id': u'255b8347-2069-4980-a911-a521a3e5b571', u'action': u'allow', u'shared':
False, u'source_port': u'8020', u'position': 3, u'destination_port': u'8020', u'id': u'0ad077ab-a61b-4d90-9975-ca4a2d7c5936', u'name': u'rule3'}], u'description': u''}, u'host': u'havana'}, u'namespace': None, u'_unique_id': u'c1926314dfcb40c19c34ea794cafa7fe',
u'_context_is_admin': True, u'version': u'1.0', u'_context_project_id': u'18088213420b45109da582f677ed8367', u'_context_timestamp': u'2013-12-12 07:04:56.847184', u'_context_user_id': u'cb1d76176a07463db848ae89060e5786', u'method': u'updatefirewall'} _safe_log
/usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/common.py:276<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-12-12 12:34:57.182 19582 DEBUG neutron.services.firewall.agents.l3reference.firewall_l3_agent [-] update_firewall from agent for fw: 5add0082-54b8-468e-b764-6c6d62d11b4b
_invoke_driver_for_plugin_api /usr/lib/python2.7/dist-packages/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py:108<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-12-12 12:35:02.718 19582 DEBUG neutron.services.firewall.agents.l3reference.firewall_l3_agent [-] Apply fw on Router List: '[u'1c317e97-d270-4977-a5d7-27534194049f']'
_invoke_driver_for_plugin_api /usr/lib/python2.7/dist-packages/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py:123<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-12-12 12:35:02.718 19582 DEBUG neutron.services.firewall.drivers.linux.iptables_fwaas [-] Updating firewall 5add0082-54b8-468e-b764-6c6d62d11b4b for tenant
18088213420b45109da582f677ed8367) update_firewall /usr/lib/python2.7/dist-packages/neutron/services/firewall/drivers/linux/iptables_fwaas.py:82<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">2013-12-12 12:35:02.720 19582 DEBUG neutron.openstack.common.rpc.amqp [-] Making synchronous call on q-firewall-plugin ... multicall /usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/amqp.py:530<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I want to know what is the command to view these rules apart from the neutron CLI ?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Is there any possibility to view these rules ?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">When I issue the command, iptables –L, I’m unable to view the rules, Kindly help me to understand the same.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Please correct me if I’m wrong.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">--<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Trinath Somanchi - B39208<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#548dd4">trinath.somanchi@</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#548dd4">freescale</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#548dd4">.com</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
| extn: 4048<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:.5in"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Sumit Naiksatam [mailto:<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.com</a>]
<br>
<b>Sent:</b> Thursday, December 12, 2013 12:08 PM<br>
<b>To:</b> Somanchi Trinath-B39208<br>
<b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
<b>Subject:</b> Re: [Openstack] [Neutron][FWaaS] Doubts with FWaaS<u></u><u></u></span></p>
</div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in">Thats seems correct. You want to check for the iptables in the router's namespace. Also check for anything in the neutron or the l3-agent logs.<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">Thanks,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">~Sumit.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<u></u> <u></u></p>
<div>
<p class="MsoNormal" style="margin-left:.5in">On Wed, Dec 11, 2013 at 10:35 PM, <a href="mailto:trinath.somanchi@freescale.com" target="_blank">
trinath.somanchi@freescale.com</a> <<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi-</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Yes!, I have configured Fwaas Driver this way in neutron.conf</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[fwaas]</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">enabled = True</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">--</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Trinath Somanchi - B39208</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#548dd4"><a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> | extn:
4048</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:1.0in">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Sumit Naiksatam [mailto:<a href="mailto:sumitnaiksatam@gmail.com" target="_blank">sumitnaiksatam@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, December 11, 2013 10:15 PM<br>
<b>To:</b> Remo Mattei<br>
<b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
<b>Subject:</b> Re: [Openstack] [FWaaS] Doubts with FWaaS</span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:1.0in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
Is the fwaas_driver configured correctly?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:1.0in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
On Wed, Dec 11, 2013 at 6:42 AM, Remo Mattei <<a href="mailto:remo@mattei.org" target="_blank">remo@mattei.org</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:1.0in">
What are you trying to do? <u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
Inviato da iPhone ()<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:1.0in">
<br>
Il giorno Dec 11, 2013, alle ore 3:02, "<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>" <<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>> ha scritto:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi-</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have a Network
<a href="http://12.12.12.0/24" target="_blank">12.12.12.0/24</a> connected to a router (router1)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have got the neutron based chains in iptables too..</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain INPUT (policy ACCEPT 451K packets, 126M bytes)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 413K 119M neutron-openvswi-INPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">48090 14M nova-compute-INPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 262K 75M nova-network-INPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 264K 76M nova-api-INPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT udp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> udp dpt:53</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT tcp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> tcp dpt:53</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT udp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> udp dpt:67</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT tcp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> tcp dpt:67</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain FORWARD (policy ACCEPT 18 packets, 2855 bytes)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 22 4189 neutron-filter-top all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 22 4189 neutron-openvswi-FORWARD all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 18 2855 nova-filter-top all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-compute-FORWARD all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-network-FORWARD all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-api-FORWARD all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT all -- * virbr0
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://192.168.122.0/24" target="_blank">
192.168.122.0/24</a> ctstate RELATED,ESTABLISHED</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT all -- virbr0 *
<a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT all -- virbr0 virbr0
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 REJECT all -- * virbr0
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> reject-with icmp-port-unreachable</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 REJECT all -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> reject-with icmp-port-unreachable</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain OUTPUT (policy ACCEPT 450K packets, 124M bytes)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 413K 116M neutron-filter-top all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 413K 116M neutron-openvswi-OUTPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 450K 124M nova-filter-top all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">49273 14M nova-compute-OUTPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 263K 77M nova-network-OUTPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 265K 77M nova-api-OUTPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-filter-top (2 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 413K 116M neutron-openvswi-local all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-FORWARD (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 2 706 neutron-openvswi-sg-chain all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> PHYSDEV match --physdev-out tap761426aa-f9 --physdev-is-bridged</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 2 628 neutron-openvswi-sg-chain all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> PHYSDEV match --physdev-in tap761426aa-f9 --physdev-is-bridged</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-INPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 neutron-openvswi-o761426aa-f all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> PHYSDEV match --physdev-in tap761426aa-f9 --physdev-is-bridged</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-OUTPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-i761426aa-f (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 DROP all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> state INVALID</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 RETURN all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> state RELATED,ESTABLISHED</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 2 706 RETURN udp -- * * 12.12.12.3
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp spt:67 dpt:68</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 neutron-openvswi-sg-fallback all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-local (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-o761426aa-f (2 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 2 628 RETURN udp -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> udp spt:68 dpt:67</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 neutron-openvswi-s761426aa-f all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 DROP udp -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> udp spt:67 dpt:68</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 DROP all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> state INVALID</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 RETURN all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> state RELATED,ESTABLISHED</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 RETURN all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 neutron-openvswi-sg-fallback all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-s761426aa-f (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 RETURN all -- * * 12.12.12.2 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> MAC FA:16:3E:35:F9:57</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 DROP all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-sg-chain (2 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 2 706 neutron-openvswi-i761426aa-f all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> PHYSDEV match --physdev-out tap761426aa-f9 --physdev-is-bridged</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 2 628 neutron-openvswi-o761426aa-f all -- * * <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> PHYSDEV match --physdev-in tap761426aa-f9 --physdev-is-bridged</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 4 1334 ACCEPT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain neutron-openvswi-sg-fallback (2 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 DROP all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-FORWARD (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-INPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT tcp -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> 10.10.10.100 tcp dpt:8775</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-OUTPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-local (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-compute-FORWARD (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT udp -- * * 0.0.0.0 255.255.255.255 udp spt:68 dpt:67</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-compute-INPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 2 628 ACCEPT udp -- * * 0.0.0.0 255.255.255.255 udp spt:68 dpt:67</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-compute-OUTPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-compute-inst-26 (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 DROP all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> state INVALID</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> state RELATED,ESTABLISHED</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-compute-provider all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT udp -- * * 12.12.12.3
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> udp spt:67 dpt:68</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-compute-sg-fallback all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-compute-local (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-compute-inst-26 all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> 12.12.12.2
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-compute-provider (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-compute-sg-fallback (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 DROP all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-filter-top (2 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">49273 14M nova-compute-local all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 263K 77M nova-network-local all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 265K 77M nova-api-local all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-network-FORWARD (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-network-INPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-network-OUTPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-network-local (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">But then there are chain with name “</span>neutron-l3-agent”
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
Is there anything am I missing ?<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
Kindly guide me in this regard.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">--</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Trinath Somanchi - B39208</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#548dd4"><a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
| extn: 4048</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:1.5in">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:"MS Gothic"">郭</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:MingLiU">龙仓</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [<a href="mailto:guolongcang.work@gmail.com" target="_blank">mailto:guolongcang.work@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, December 11, 2013 2:16 PM<br>
<b>To:</b> Somanchi Trinath-B39208<br>
<b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
<b>Subject:</b> Re: [Openstack] [FWaaS] Doubts with FWaaS</span><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:1.5in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:1.5in">
well , maybe you can show me your tenant network topology.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:1.5in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:1.5in">
2013/12/11 <a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a> <<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:1.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Yes..
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have controller + network + compute node in a single machine.</span><u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:1.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">--</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Trinath Somanchi - B39208</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#548dd4"><a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
| extn: 4048</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:1.5in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
</div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:2.0in">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:"MS Gothic"">郭</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:MingLiU">龙仓</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [mailto:<a href="mailto:guolongcang.work@gmail.com" target="_blank">guolongcang.work@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, December 11, 2013 2:08 PM</span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:1.5in">
<br>
<b>To:</b> Somanchi Trinath-B39208<br>
<b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
<b>Subject:</b> Re: [Openstack] [FWaaS] Doubts with FWaaS<u></u><u></u></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:2.0in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:2.0in">
all-in-one deploy ? <span style="font-size:10.5pt;font-family:"Arial","sans-serif"">qr-{xxx} device is created on the network node .</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:2.0in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:2.0in">
2013/12/11 <a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a> <<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi-</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I have the following chains in the iptables.</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">root@havana:~# iptables -L -n -v</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain INPUT (policy ACCEPT 6021 packets, 474K bytes)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 5921 465K nova-api-INPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT udp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> udp dpt:53</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT tcp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> tcp dpt:53</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT udp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> udp dpt:67</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT tcp -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> tcp dpt:67</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-filter-top all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 nova-api-FORWARD all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT all -- * virbr0
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://192.168.122.0/24" target="_blank">
192.168.122.0/24</a> ctstate RELATED,ESTABLISHED</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT all -- virbr0 * <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a>
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT all -- virbr0 virbr0
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 REJECT all -- * virbr0
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> reject-with icmp-port-unreachable</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 REJECT all -- virbr0 *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> reject-with icmp-port-unreachable</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain OUTPUT (policy ACCEPT 6746 packets, 462K bytes)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 6614 452K nova-filter-top all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 6614 452K nova-api-OUTPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-FORWARD (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-INPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 0 0 ACCEPT tcp -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> 10.10.10.100 tcp dpt:8775</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-OUTPUT (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-api-local (1 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">Chain nova-filter-top (2 references)</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d">pkts bytes target prot opt in out source destination
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:Consolas;color:#1f497d"> 6614 452K nova-api-local all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">
0.0.0.0/0</a></span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I find none with the names suggested below. Am I missing any of the configurations required.
</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Kindly help me in this regard.</span><u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">--</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Trinath Somanchi - B39208</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#548dd4"><a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
| extn: 4048</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.0in">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p>
</div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:2.5in">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:"MS Gothic"">郭</span><span lang="ZH-CN" style="font-size:10.0pt;font-family:MingLiU">龙仓</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [mailto:<a href="mailto:guolongcang.work@gmail.com" target="_blank">guolongcang.work@gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, December 11, 2013 1:46 PM<br>
<b>To:</b> Somanchi Trinath-B39208<br>
<b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
<b>Subject:</b> Re: [Openstack] [FWaaS] Doubts with FWaaS</span><u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:2.5in">
FWaaS is implemented through iptables on qr-{xxx} device , one inbound chain named like neutron-l3-agent-iv{xxx} and one outbound chain named like neutron-l3-agent-ov{xxx} . <u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:2.5in">
You can check the qr-{xxx} device's iptables rules.<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:2.5in">
<u></u><u></u></p>
<div>
<p class="MsoNormal" style="margin-left:2.5in">
2013/12/11 <a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a> <<a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a>><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:2.5in">
Hi stackers-<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
I have configured FWaas with Neutron.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
Also, I have created a simple firewall rule, added the same to a policy and created a firewall with this policy from CLI<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
The firewall is in ERROR state.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
The rules and the policies were added to the DB. <u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
How do I debug to find the error. Also, will these rules be added to the iptables?
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
Help be troubleshoot and understand the same.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
--<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
Trinath Somanchi - B39208<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<span style="color:#548dd4"><a href="mailto:trinath.somanchi@freescale.com" target="_blank">trinath.somanchi@freescale.com</a></span><span style="color:#888888"> | extn: 4048</span><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:2.5in">
<span style="color:#888888"> </span><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:2.5in">
<br>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:2.5in">
<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-left:2.0in">
<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-left:1.5in">
<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-left:1.0in">
!DSPAM:2,52a84b75265441149516157! <u></u><u></u></p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="margin-left:1.0in">
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br>
<br>
!DSPAM:2,52a84b75265441149516157!<u></u><u></u></p>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;margin-left:1.0in">
<br>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-left:1.0in">
<u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div><br>
</div></div>