[openstack-dev] [neutron][fwaas] how a disabled firewall should behave
james.denton at rackspace.com
Tue Jan 26 15:00:46 UTC 2016
At least in Liberty, with the reference iptables firewall, it looks like setting the admin state of the firewall to DOWN results in traffic hitting only the neutron-l3-agent-fwaas-defau chain. The action there is to DROP all traffic.
On 1/26/16, 4:15 AM, "Takashi Yamamoto" <yamamoto at midokura.com> wrote:
>what a firewall with admin_state_up=False should do?
>my intuition says such a firewall should pass all traffic. (same as no firewall)
>but the reference implementation seems to block everything. (same as a
>firewall without any rules)
>i wrote a tempest test case (test_firewall_disable_rule) mirroring the
>behaviour of the reference implementation
>because i couldn't find any documentation.
>but i'm now wondering if it was correct.
>is the reference implementation's behavior intended? how other vendors do?
>OpenStack Development Mailing List (not for usage questions)
>Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev