[openstack-dev] [neutron][fwaas] how a disabled firewall should behave
James Denton
james.denton at rackspace.com
Tue Jan 26 15:00:46 UTC 2016
Hi Takashi,
At least in Liberty, with the reference iptables firewall, it looks like setting the admin state of the firewall to DOWN results in traffic hitting only the neutron-l3-agent-fwaas-defau chain. The action there is to DROP all traffic.
James
On 1/26/16, 4:15 AM, "Takashi Yamamoto" <yamamoto at midokura.com> wrote:
>hi,
>
>what a firewall with admin_state_up=False should do?
>my intuition says such a firewall should pass all traffic. (same as no firewall)
>but the reference implementation seems to block everything. (same as a
>firewall without any rules)
>i wrote a tempest test case (test_firewall_disable_rule) mirroring the
>behaviour of the reference implementation
>because i couldn't find any documentation.
>but i'm now wondering if it was correct.
>is the reference implementation's behavior intended? how other vendors do?
>
>__________________________________________________________________________
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list