[Openstack] disable security group in essex

Ritesh Nanda riteshnanda09 at gmail.com
Thu Nov 22 11:41:55 UTC 2012 

Hey Kevin,

       firewall_driver did'nt worked , libvirt gives error libvirtError:
Network filter not found:, if i specify that flag in nova.conf.

On Wed, Nov 21, 2012 at 7:53 PM, Kiall Mac Innes <kiall at managedit.ie> wrote:

> I've never used it - but I believe you can just set the firewall_driver
> config var to nova.virt.firewall.NoopFirewallDriver
>
> eg in nova.conf add:
>
> --firewall_driver=nova.virt.firewall.NoopFirewallDriver
>
>
> Thanks,
> Kiall
>
>
>
> On Wed, Nov 21, 2012 at 2:14 PM, Kevin Jackson <kevin at linuxservices.co.uk>wrote:
>
>> Hi Ritesh,
>> You will need to have enabled some rules - even if you provide rules that
>> give carte blanch access to your instances. This is courtesy of the
>> 'default' security group - that by design prevents any access and by
>> design, is a default if you don't specify any security groups when
>> launching instances.
>>
>> Whilst its easy to say you shouldn't do what you're intending to do and
>> relying on perimeter security alone, that is not what you're asking and I'm
>> all for choice and learning.
>>
>> So in your instance:
>>
>> nova secgroup-add-rule default tcp 0 65536 0.0.0.0/0
>> nova secgroup-add-rule default udp 0 65536 0.0.0.0/0
>> nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
>>
>> Note this is the netsec equivalent of doing chmod 777 on a file.
>>
>> To actually delete groups though
>>
>> nova secgroup-delete nameOfGroup
>>
>> Regards,
>> Kev
>>
>>
>>  On 21 November 2012 13:45, Ritesh Nanda <riteshnanda09 at gmail.com> wrote:
>>
>>>  Hello,
>>>
>>> Is there anyway we can disable security group in nova, as i would be
>>> using an external firewall to do that.
>>>
>>> --
>>>
>>> * With Regards
>>> *
>>>
>>> * Ritesh Nanda
>>> *
>>>
>>> ***
>>> *
>>> <http://www.ericsson.com/>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack at lists.launchpad.net
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Kevin Jackson
>> @itarchitectkev
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>


-- 

* With Regards
*

* Ritesh Nanda
*

***
*
<http://www.ericsson.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121122/1a5e5e88/attachment.html>

More information about the Openstack mailing list