[openstack-dev] [neutron][fwaas] how a disabled firewall should behave

Takashi Yamamoto yamamoto at midokura.com
Tue Jan 26 10:15:37 UTC 2016


what a firewall with admin_state_up=False should do?
my intuition says such a firewall should pass all traffic. (same as no firewall)
but the reference implementation seems to block everything. (same as a
firewall without any rules)
i wrote a tempest test case (test_firewall_disable_rule) mirroring the
behaviour of the reference implementation
because i couldn't find any documentation.
but i'm now wondering if it was correct.
is the reference implementation's behavior intended?  how other vendors do?

More information about the OpenStack-dev mailing list