[openstack-dev] [neutron] A question about firewall
Gary Duan
garyduan at gmail.com
Thu Jun 5 14:00:18 UTC 2014
Xurong,
Firewall is colocated with router. You need to create a router, then the
firewall state will be updated.
Gary
On Thu, Jun 5, 2014 at 2:48 AM, Xurong Yang <idopra at gmail.com> wrote:
> Hi, Stackers
> My use case:
>
> under project_id A:
> 1.create firewall rule default(share=false).
> 2.create firewall policy default(share=false).
> 3.attach rule to policy.
> 4.update policy(share=true)
>
> under project_id B:
> 1.create firewall with policy(share=true) based on project A.
> then create firewall fail and suspend with status=PENDING_CREATE
>
> openstack at openstack03:~/Vega$ neutron firewall-policy-list
> +--------------------------------------+------+----------------------------------------+
> | id | name | firewall_rules |
> +--------------------------------------+------+----------------------------------------+
> | 7884fb78-1903-4af6-af3f-55e5c7c047c9 | Demo | [d5578ab5-869b-48cb-be54-85ee9f15d9b2] |
> | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | Test | [8679da8d-200e-4311-bb7d-7febd3f46e37, |
> | | | 86ce188d-18ab-49f2-b664-96c497318056] |
> +--------------------------------------+------+----------------------------------------+
> openstack at openstack03:~/Vega$ neutron firewall-rule-list
> +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
> | id | name | firewall_policy_id | summary | enabled |
> +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
> | 8679da8d-200e-4311-bb7d-7febd3f46e37 | DenyOne | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True |
> | | | | source: none(none), | |
> | | | | dest: 192.168.0.101/32(none), | |
> | | | | deny | |
> | 86ce188d-18ab-49f2-b664-96c497318056 | AllowAll | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True |
> | | | | source: none(none), | |
> | | | | dest: none(none), | |
> | | | | allow | |
> +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
> openstack at openstack03:~/Vega$ neutron firewall-create --name Test Demo*Firewall Rule d5578ab5-869b-48cb-be54-85ee9f15d9b2 could not be found.*
> openstack at openstack03:~/Vega$ neutron firewall-show Test
> +--------------------+--------------------------------------+
> | Field | Value |
> +--------------------+--------------------------------------+
> | admin_state_up | True |
> | description | |
> | firewall_policy_id | 7884fb78-1903-4af6-af3f-55e5c7c047c9 |
> | id | 7c59c7da-ace1-4dfa-8b04-2bc6013dbc0a |
> | name | Test |
> | status | *PENDING_CREATE* |
> | tenant_id | a0794fca47de4631b8e414beea4bd51b |
> +--------------------+--------------------------------------+
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140605/e05d87ed/attachment.html>
More information about the OpenStack-dev
mailing list