[Openstack] disable security group in essex
Kiall Mac Innes
kiall at managedit.ie
Wed Nov 21 14:23:38 UTC 2012
I've never used it - but I believe you can just set the firewall_driver
config var to nova.virt.firewall.NoopFirewallDriver
eg in nova.conf add:
--firewall_driver=nova.virt.firewall.NoopFirewallDriver
Thanks,
Kiall
On Wed, Nov 21, 2012 at 2:14 PM, Kevin Jackson <kevin at linuxservices.co.uk>wrote:
> Hi Ritesh,
> You will need to have enabled some rules - even if you provide rules that
> give carte blanch access to your instances. This is courtesy of the
> 'default' security group - that by design prevents any access and by
> design, is a default if you don't specify any security groups when
> launching instances.
>
> Whilst its easy to say you shouldn't do what you're intending to do and
> relying on perimeter security alone, that is not what you're asking and I'm
> all for choice and learning.
>
> So in your instance:
>
> nova secgroup-add-rule default tcp 0 65536 0.0.0.0/0
> nova secgroup-add-rule default udp 0 65536 0.0.0.0/0
> nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
>
> Note this is the netsec equivalent of doing chmod 777 on a file.
>
> To actually delete groups though
>
> nova secgroup-delete nameOfGroup
>
> Regards,
> Kev
>
>
> On 21 November 2012 13:45, Ritesh Nanda <riteshnanda09 at gmail.com> wrote:
>
>> Hello,
>>
>> Is there anyway we can disable security group in nova, as i would be
>> using an external firewall to do that.
>>
>> --
>>
>> * With Regards
>> *
>>
>> * Ritesh Nanda
>> *
>>
>> ***
>> *
>> <http://www.ericsson.com/>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Kevin Jackson
> @itarchitectkev
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121121/68b5ee39/attachment.html>
More information about the Openstack
mailing list