[Openstack] [Neutron][FWaaS] Doubts with FWaaS
trinath.somanchi at freescale.com
trinath.somanchi at freescale.com
Thu Dec 12 07:09:58 UTC 2013
I have created some rules and added to Policy which is added to firewall which is in ACTIVE state.
I have found the following in the firewall logs
root at havana:/usr/lib/python2.7/dist-packages/neutron/common# tail -f /var/log/neutron/l3-agent.log | grep firewall
2013-12-12 12:34:57.176 19582 DEBUG neutron.openstack.common.rpc.amqp [-] received {u'_context_roles': [u'admin'], u'_context_read_deleted': u'no', u'_context_tenant_id': u'18088213420b45109da582f677ed8367', u'args': {u'firewall': {u'status': u'PENDING_UPDATE', u'name': u'Firewall-Test', u'admin_state_up': True, u'tenant_id': u'18088213420b45109da582f677ed8367', u'firewal_policy_id': u'255b8347-2069-4980-a911-a521a3e5b571', u'shared': None, u'id': u'5add0082-54b8-468e-b764-6c6d62d11b4b', u'firewall_rule_list': [{u'protocol': u'tcp', u'description': u'', u'ip_version': 4, u'tenant_id': u'18088213420b45109da582f677ed8367', u'enabled': True, u'source_ip_address': u'10.10.10.100', u'destination_ip_address': u'10.10.10.200', u'firewall_policy_id': u'255b8347-2069-4980-a911-a521a3e5b571', u'action': u'allow', u'shared': False, u'source_port': u'8010', u'position': 1, u'destination_port': u'8010', u'id': u'f60fe35d-5bc8-4973-bd4e-ddac85012624', u'name': u'rule2'}, {u'protocol': u'tcp', u'description': u'Allow Port 80', u'ip_version': 4, u'tenant_id': u'18088213420b45109da582f677ed8367', u'enabled': True, u'source_ip_address': u'10.10.10.100', u'destination_ip_address': u'10.10.10.200', u'firewall_policy_id': u'255b8347-2069-4980-a911-a521a3e5b571', u'action': u'allow', u'shared': True, u'source_port': u'80', u'position': 2, u'destination_port': u'80', u'id': u'6fbfbe3e-fefa-49f7-8189-431da4e12d8a', u'name': u'allow80'}, {u'protocol': u'tcp', u'description': u'', u'ip_version': 4, u'tenant_id': u'18088213420b45109da582f677ed8367', u'enabled': True, u'source_ip_address': u'10.10.10.100', u'destination_ip_address': u'10.10.10.200', u'firewall_policy_id': u'255b8347-2069-4980-a911-a521a3e5b571', u'action': u'allow', u'shared': False, u'source_port': u'8020', u'position': 3, u'destination_port': u'8020', u'id': u'0ad077ab-a61b-4d90-9975-ca4a2d7c5936', u'name': u'rule3'}], u'description': u''}, u'host': u'havana'}, u'namespace': None, u'_unique_id': u'c1926314dfcb40c19c34ea794cafa7fe', u'_context_is_admin': True, u'version': u'1.0', u'_context_project_id': u'18088213420b45109da582f677ed8367', u'_context_timestamp': u'2013-12-12 07:04:56.847184', u'_context_user_id': u'cb1d76176a07463db848ae89060e5786', u'method': u'updatefirewall'} _safe_log /usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/common.py:276
2013-12-12 12:34:57.182 19582 DEBUG neutron.services.firewall.agents.l3reference.firewall_l3_agent [-] update_firewall from agent for fw: 5add0082-54b8-468e-b764-6c6d62d11b4b _invoke_driver_for_plugin_api /usr/lib/python2.7/dist-packages/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py:108
2013-12-12 12:35:02.718 19582 DEBUG neutron.services.firewall.agents.l3reference.firewall_l3_agent [-] Apply fw on Router List: '[u'1c317e97-d270-4977-a5d7-27534194049f']' _invoke_driver_for_plugin_api /usr/lib/python2.7/dist-packages/neutron/services/firewall/agents/l3reference/firewall_l3_agent.py:123
2013-12-12 12:35:02.718 19582 DEBUG neutron.services.firewall.drivers.linux.iptables_fwaas [-] Updating firewall 5add0082-54b8-468e-b764-6c6d62d11b4b for tenant 18088213420b45109da582f677ed8367) update_firewall /usr/lib/python2.7/dist-packages/neutron/services/firewall/drivers/linux/iptables_fwaas.py:82
2013-12-12 12:35:02.720 19582 DEBUG neutron.openstack.common.rpc.amqp [-] Making synchronous call on q-firewall-plugin ... multicall /usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/amqp.py:530
I want to know what is the command to view these rules apart from the neutron CLI ?
Is there any possibility to view these rules ?
When I issue the command, iptables –L, I’m unable to view the rules, Kindly help me to understand the same.
Please correct me if I’m wrong.
--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com | extn: 4048
From: Sumit Naiksatam [mailto:sumitnaiksatam at gmail.com]
Sent: Thursday, December 12, 2013 12:08 PM
To: Somanchi Trinath-B39208
Cc: openstack at lists.openstack.org
Subject: Re: [Openstack] [Neutron][FWaaS] Doubts with FWaaS
Thats seems correct. You want to check for the iptables in the router's namespace. Also check for anything in the neutron or the l3-agent logs.
Thanks,
~Sumit.
On Wed, Dec 11, 2013 at 10:35 PM, trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> <trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com>> wrote:
Hi-
Yes!, I have configured Fwaas Driver this way in neutron.conf
[fwaas]
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> | extn: 4048
From: Sumit Naiksatam [mailto:sumitnaiksatam at gmail.com<mailto:sumitnaiksatam at gmail.com>]
Sent: Wednesday, December 11, 2013 10:15 PM
To: Remo Mattei
Cc: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] [FWaaS] Doubts with FWaaS
Is the fwaas_driver configured correctly?
On Wed, Dec 11, 2013 at 6:42 AM, Remo Mattei <remo at mattei.org<mailto:remo at mattei.org>> wrote:
What are you trying to do?
Inviato da iPhone ()
Il giorno Dec 11, 2013, alle ore 3:02, "trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com>" <trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com>> ha scritto:
Hi-
I have a Network 12.12.12.0/24<http://12.12.12.0/24> connected to a router (router1)
I have got the neutron based chains in iptables too..
Chain INPUT (policy ACCEPT 451K packets, 126M bytes)
pkts bytes target prot opt in out source destination
413K 119M neutron-openvswi-INPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
48090 14M nova-compute-INPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
262K 75M nova-network-INPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
264K 76M nova-api-INPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> tcp dpt:67
Chain FORWARD (policy ACCEPT 18 packets, 2855 bytes)
pkts bytes target prot opt in out source destination
22 4189 neutron-filter-top all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
22 4189 neutron-openvswi-FORWARD all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
18 2855 nova-filter-top all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 nova-compute-FORWARD all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 nova-network-FORWARD all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 nova-api-FORWARD all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 ACCEPT all -- * virbr0 0.0.0.0/0<http://0.0.0.0/0> 192.168.122.0/24<http://192.168.122.0/24> ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24<http://192.168.122.0/24> 0.0.0.0/0<http://0.0.0.0/0>
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 REJECT all -- * virbr0 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 450K packets, 124M bytes)
pkts bytes target prot opt in out source destination
413K 116M neutron-filter-top all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
413K 116M neutron-openvswi-OUTPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
450K 124M nova-filter-top all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
49273 14M nova-compute-OUTPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
263K 77M nova-network-OUTPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
265K 77M nova-api-OUTPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain neutron-filter-top (2 references)
pkts bytes target prot opt in out source destination
413K 116M neutron-openvswi-local all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain neutron-openvswi-FORWARD (1 references)
pkts bytes target prot opt in out source destination
2 706 neutron-openvswi-sg-chain all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> PHYSDEV match --physdev-out tap761426aa-f9 --physdev-is-bridged
2 628 neutron-openvswi-sg-chain all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> PHYSDEV match --physdev-in tap761426aa-f9 --physdev-is-bridged
Chain neutron-openvswi-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 neutron-openvswi-o761426aa-f all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> PHYSDEV match --physdev-in tap761426aa-f9 --physdev-is-bridged
Chain neutron-openvswi-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain neutron-openvswi-i761426aa-f (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> state INVALID
0 0 RETURN all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> state RELATED,ESTABLISHED
2 706 RETURN udp -- * * 12.12.12.3 0.0.0.0/0<http://0.0.0.0/0> udp spt:67 dpt:68
0 0 neutron-openvswi-sg-fallback all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain neutron-openvswi-local (1 references)
pkts bytes target prot opt in out source destination
Chain neutron-openvswi-o761426aa-f (2 references)
pkts bytes target prot opt in out source destination
2 628 RETURN udp -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> udp spt:68 dpt:67
0 0 neutron-openvswi-s761426aa-f all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 DROP udp -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> udp spt:67 dpt:68
0 0 DROP all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> state INVALID
0 0 RETURN all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> state RELATED,ESTABLISHED
0 0 RETURN all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 neutron-openvswi-sg-fallback all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain neutron-openvswi-s761426aa-f (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 12.12.12.2 0.0.0.0/0<http://0.0.0.0/0> MAC FA:16:3E:35:F9:57
0 0 DROP all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain neutron-openvswi-sg-chain (2 references)
pkts bytes target prot opt in out source destination
2 706 neutron-openvswi-i761426aa-f all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> PHYSDEV match --physdev-out tap761426aa-f9 --physdev-is-bridged
2 628 neutron-openvswi-o761426aa-f all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> PHYSDEV match --physdev-in tap761426aa-f9 --physdev-is-bridged
4 1334 ACCEPT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain neutron-openvswi-sg-fallback (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain nova-api-FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain nova-api-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0<http://0.0.0.0/0> 10.10.10.100 tcp dpt:8775
Chain nova-api-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain nova-api-local (1 references)
pkts bytes target prot opt in out source destination
Chain nova-compute-FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0 255.255.255.255 udp spt:68 dpt:67
Chain nova-compute-INPUT (1 references)
pkts bytes target prot opt in out source destination
2 628 ACCEPT udp -- * * 0.0.0.0 255.255.255.255 udp spt:68 dpt:67
Chain nova-compute-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain nova-compute-inst-26 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> state INVALID
0 0 ACCEPT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> state RELATED,ESTABLISHED
0 0 nova-compute-provider all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 ACCEPT udp -- * * 12.12.12.3 0.0.0.0/0<http://0.0.0.0/0> udp spt:67 dpt:68
0 0 nova-compute-sg-fallback all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain nova-compute-local (1 references)
pkts bytes target prot opt in out source destination
0 0 nova-compute-inst-26 all -- * * 0.0.0.0/0<http://0.0.0.0/0> 12.12.12.2
Chain nova-compute-provider (1 references)
pkts bytes target prot opt in out source destination
Chain nova-compute-sg-fallback (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain nova-filter-top (2 references)
pkts bytes target prot opt in out source destination
49273 14M nova-compute-local all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
263K 77M nova-network-local all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
265K 77M nova-api-local all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain nova-network-FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain nova-network-INPUT (1 references)
pkts bytes target prot opt in out source destination
Chain nova-network-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain nova-network-local (1 references)
pkts bytes target prot opt in out source destination
But then there are chain with name “neutron-l3-agent”
Is there anything am I missing ?
Kindly guide me in this regard.
--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> | extn: 4048
From: 郭龙仓 [mailto:guolongcang.work at gmail.com]
Sent: Wednesday, December 11, 2013 2:16 PM
To: Somanchi Trinath-B39208
Cc: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] [FWaaS] Doubts with FWaaS
well , maybe you can show me your tenant network topology.
2013/12/11 trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> <trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com>>
Yes..
I have controller + network + compute node in a single machine.
--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> | extn: 4048
From: 郭龙仓 [mailto:guolongcang.work at gmail.com<mailto:guolongcang.work at gmail.com>]
Sent: Wednesday, December 11, 2013 2:08 PM
To: Somanchi Trinath-B39208
Cc: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] [FWaaS] Doubts with FWaaS
all-in-one deploy ? qr-{xxx} device is created on the network node .
2013/12/11 trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> <trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com>>
Hi-
I have the following chains in the iptables.
root at havana:~# iptables -L -n -v
Chain INPUT (policy ACCEPT 6021 packets, 474K bytes)
pkts bytes target prot opt in out source destination
5921 465K nova-api-INPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> tcp dpt:67
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 nova-filter-top all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 nova-api-FORWARD all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 ACCEPT all -- * virbr0 0.0.0.0/0<http://0.0.0.0/0> 192.168.122.0/24<http://192.168.122.0/24> ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24<http://192.168.122.0/24> 0.0.0.0/0<http://0.0.0.0/0>
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
0 0 REJECT all -- * virbr0 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 6746 packets, 462K bytes)
pkts bytes target prot opt in out source destination
6614 452K nova-filter-top all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
6614 452K nova-api-OUTPUT all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
Chain nova-api-FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain nova-api-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0<http://0.0.0.0/0> 10.10.10.100 tcp dpt:8775
Chain nova-api-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain nova-api-local (1 references)
pkts bytes target prot opt in out source destination
Chain nova-filter-top (2 references)
pkts bytes target prot opt in out source destination
6614 452K nova-api-local all -- * * 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0>
I find none with the names suggested below. Am I missing any of the configurations required.
Kindly help me in this regard.
--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> | extn: 4048
From: 郭龙仓 [mailto:guolongcang.work at gmail.com<mailto:guolongcang.work at gmail.com>]
Sent: Wednesday, December 11, 2013 1:46 PM
To: Somanchi Trinath-B39208
Cc: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] [FWaaS] Doubts with FWaaS
FWaaS is implemented through iptables on qr-{xxx} device , one inbound chain named like neutron-l3-agent-iv{xxx} and one outbound chain named like neutron-l3-agent-ov{xxx} .
You can check the qr-{xxx} device's iptables rules.
2013/12/11 trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> <trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com>>
Hi stackers-
I have configured FWaas with Neutron.
Also, I have created a simple firewall rule, added the same to a policy and created a firewall with this policy from CLI
The firewall is in ERROR state.
The rules and the policies were added to the DB.
How do I debug to find the error. Also, will these rules be added to the iptables?
Help be troubleshoot and understand the same.
--
Trinath Somanchi - B39208
trinath.somanchi at freescale.com<mailto:trinath.somanchi at freescale.com> | extn: 4048
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
!DSPAM:2,52a84b75265441149516157!
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
!DSPAM:2,52a84b75265441149516157!
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131212/c9a122b0/attachment.html>
More information about the Openstack
mailing list