I have never really used fwaas, but I do believe its targeted at routers. 

Security groups already do firewalling for the vm ports



Donny Davis
c: 805 814 6800

On Tue, Mar 3, 2020, 5:15 AM Ignazio Cassano <ignaziocassano@gmail.com> wrote:
Hello All, I installed firewall v2 on queens based on centos 7.
I create a firewall group policy and a firewall group rulle with that policy.

The firewall results ACTIVE AND UP and INACTIVE

When I ttry to apply the firewall group to an instance port :
openstack  firewall group set --port c7c8be58-35de-47fe-87db-39bbd681db8b fwg1

It does not works and goes in pending update status.


L3 agent log reports:
Could not load neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver

But the file esists

I am using firewall_driver = openvswitch

Please, whai is wrong ?

I read Supports L2 firewalling (VM ports) was planned for ocata and I am on queens.

Please, help me.

Ignazio