<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Old (and undesirable) behavior was to apply the ‘firewall’ with all tenant routers.<div class=""><br class=""></div><div class="">Using --router allows you to apply the ‘firewall’ with one or more specified routers.</div><div class=""><br class=""></div><div class="">IIRC, there’s nothing special needed to utilize this other than to have the FWaaS driver and extension enabled.</div><div class=""><br class=""><div class="">
<div class=""><div class="">James</div></div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Jan 12, 2016, at 11:57 AM, Mike Spreitzer <<a href="mailto:mspreitz@us.ibm.com" class="">mspreitz@us.ibm.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=us-ascii" class=""><tt class=""><font size="2" class="">> From: Matt Kassawara <<a href="mailto:mkassawara@gmail.com" class="">mkassawara@gmail.com</a>></font></tt><br class=""><tt class=""><font size="2" class="">> To: Mike Spreitzer/Watson/IBM@IBMUS</font></tt><br class=""><tt class=""><font size="2" class="">> Cc: "<a href="mailto:openstack@lists.openstack.org" class="">openstack@lists.openstack.org</a>"
<<a href="mailto:openstack@lists.openstack.org" class="">openstack@lists.openstack.org</a>></font></tt><br class=""><tt class=""><font size="2" class="">> Date: 01/12/2016 12:16 PM</font></tt><br class=""><tt class=""><font size="2" class="">> Subject: Re: [Openstack] [neutron] User documentation
for Neutron's <br class="">> Firewall-as-a-Service (FWaaS)?</font></tt><br class=""><tt class=""><font size="2" class="">> <br class="">> Not really... :/</font></tt><br class=""><tt class=""><font size="2" class="">> <br class="">> On Tue, Jan 12, 2016 at 9:43 AM, Mike Spreitzer <<a href="mailto:mspreitz@us.ibm.com" class="">mspreitz@us.ibm.com</a>>
wrote:</font></tt><br class=""><tt class=""><font size="2" class="">> Is there any user documentation for FWaaS besides
http://<br class="">> <a href="http://docs.openstack.org/admin-guide-cloud/" class="">docs.openstack.org/admin-guide-cloud/</a><br class="">> networking_introduction.html#firewall-as-a-service-fwaas-overview<br class="">> ? That one is a bit skimpy and, I suspect, a little outdated. For
<br class="">> example, `neutron help firewall-create` mentions an option, `--<br class="">> router`, that is not mentioned in that doc section and not well <br class="">> explained in the on-line help.<br class=""></font></tt><br class=""><tt class=""><font size="2" class="">So can someone please explain the `--router` option
to `neutron firewall-create` in more detail? Here is what I get from
`neutron help firewall-create`:</font></tt><br class=""><br class=""><font size="2" face="Menlo-Regular" class="">usage: neutron firewall-create [-h]
[-f {json,shell,table,value,yaml}]</font><br class=""><font size="2" face="Menlo-Regular" class="">
[-c
COLUMN] [--max-width <integer>]</font><br class=""><font size="2" face="Menlo-Regular" class="">
[--noindent]
[--prefix PREFIX]</font><br class=""><font size="2" face="Menlo-Regular" class="">
[--request-format
{json,xml}]</font><br class=""><font size="2" face="Menlo-Regular" class="">
[--tenant-id
TENANT_ID] [--name NAME]</font><br class=""><font size="2" face="Menlo-Regular" class="">
[--description
DESCRIPTION]</font><br class=""><font size="2" face="Menlo-Regular" class="">
[--admin-state-down]
[--router ROUTER]</font><br class=""><font size="2" face="Menlo-Regular" class="">
POLICY</font><br class=""><br class=""><font size="2" face="Menlo-Regular" class="">...</font><br class=""><font size="2" face="Menlo-Regular" class="">optional arguments:</font><br class=""><font size="2" face="Menlo-Regular" class="">...</font><br class=""><font size="2" face="Menlo-Regular" class=""> --router ROUTER
Firewall associated router names or IDs (requires</font><br class=""><font size="2" face="Menlo-Regular" class="">
FWaaS router insertion
extension, this option can be</font><br class=""><font size="2" face="Menlo-Regular" class="">
repeated)</font><br class=""><font size="2" face="Menlo-Regular" class="">...</font><br class=""><br class=""><font size="2" face="Menlo-Regular" class="">Is there someplace I can learn more
about this "FWaaS router insertion extension"? When I use
DevStack, does it install this extension? How do I controls its installation
when using DevStack? How do I install it when not using DevStack?
How, in general, can I tell whether it is installed/enabled? What
happens if I do not supply a `--router` argument to this command? Does
the answer to that depend on whether the FWaaS router insertion extension
is installed/enabled?</font><br class=""><br class=""><font size="2" face="Menlo-Regular" class="">Thanks,</font><br class=""><font size="2" face="Menlo-Regular" class="">Mike</font><br class=""><br class=""><br class="">_______________________________________________<br class="">Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="">Post to : <a href="mailto:openstack@lists.openstack.org" class="">openstack@lists.openstack.org</a><br class="">Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class=""></div></blockquote></div><br class=""></div></body></html>