Open Stack

Thanks for the pointer Slawek!

I am wondering if the OP is thinking of security groups, and if so that is
through an ML2 plugin mechanism on the switch level configuration,
however.... very few ML2 plugins have supported applying security groups to
switches because the translation can be difficult or the switches don't
support packet inspection without performance degradation.



On Fri, Jun 30, 2023 at 12:27 AM Slawek Kaplonski <skaplons at redhat.com>
wrote:

> Hi,
>
> Dnia czwartek, 29 czerwca 2023 19:08:30 CEST Karl Kloppenborg pisze:
>
> > Hi Team,
>
> >
>
> > We have Ironic deployed and configured to deploy baremetal on vlans
> attached to the neutron routers of a tenancy/project.
>
> >
>
> > However, when assigned a floating IP, there’s no firewall and the server
> is completely exposed.
>
> >
>
> > I cannot seem to see any information on Ironic Firewall’s, how are
> others achieving this?
>
> >
>
> > Any suggestions would be greatly appreciated.
>
> >
>
> > Thanks,
>
> > Karl Kloppenborg.
>
> > Openstack-Helm Team.
>
> >
>
> For firewall on the Neutron's router level there is neutron-fwaas project
> [1]. Did You checked that?
>
> [1] https://docs.openstack.org/neutron/latest/admin/fwaas-v2-scenario.html
>
> --
>
> Slawek Kaplonski
>
> Principal Software Engineer
>
> Red Hat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230630/495f3556/attachment.htm>