[openstack-dev] [Neutron] FWaaS/Security groups Not blocking ongoing traffic

Itzik Brown itbrown at redhat.com
Mon Oct 27 12:17:17 UTC 2014


Hi,

When building a firewall with a rule to block a specific Traffic - the current traffic is not blocked.

For example:

Running a Ping to an instance and then building a firewall with a rule to block ICMP to this instance doesn't have affect while the ping command is still running.
Exiting the command and then trying pinging the Instance again shows the desired result - i.e. the traffic is blocked.

It also the case when using security groups to block traffic.

Is this the desired outcome or is it a bug?

Itzik



More information about the OpenStack-dev mailing list