Introduction to FWaaS
FWaaS uses iptables to apply firewall policy to all Networking routers within a project. (These iptables rules live in the router's network namespace.)
FWaaS supports one firewall policy and logical firewall instance per project. (Official description; my translation ability is limited.)
FWaaS is currently in technical preview; untested operation is not recommended. (FWaaS is still only a technical preview, so untested operations are not recommended.)
Differences between FWaaS and security groups
FWaaS iptables rules live in the router's namespace (mainly in the filter table).
Security group iptables rules live on the compute node hosting the virtual machine (mainly in the filter table).
This blog post explains iptables in Neutron and sums it up very well: http://lingxiankong.github.io/blog/2013/11/19/iptables-in-neutron/
FWaaS architecture
Configuration
[[email protected] neutron]# vim /etc/neutron/neutron.conf    # edit neutron.conf and add the following
[DEFAULT]
service_plugins = firewall
[service_providers]
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
[fwaas]
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
[[email protected] neutron]# vim /etc/openstack-dashboard/local_settings    # edit the dashboard configuration file
'enable_firewall': True,    # enable the FWaaS panel in the dashboard; the default is False
[[email protected] ~]# service neutron-server restart    # restart the corresponding services for the changes to take effect
Stopping neutron:                                          [  OK  ]
Starting neutron:                                          [  OK  ]
[[email protected] ~]# service neutron-l3-agent restart
Stopping neutron-l3-agent:                                 [  OK  ]
Starting neutron-l3-agent:                                 [  OK  ]
[[email protected] ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
Using FWaaS
Back in the animbus interface again, with screenshots and text!
1 Add a firewall rule
Click "Firewall" in the left-hand area; the right-hand area then displays as shown.
Click "Add Rule" in the right-hand area and fill in the corresponding information.
Click "Add".
2 Add a firewall policy
3 Create a firewall
One thing to note here:
The firewall remains in PENDING_CREATE state until you create a Networking router and attach an interface to it. (Everyone should be able to understand what this sentence means.)
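Since the FWaaS rules live in the router namespace's filter table, and nothing is enforced while the firewall sits in PENDING_CREATE, the natural check is to dump that table and confirm the policy is actually wired in. The script below is an added example (not from the original post or from Neutron itself); it audits two constructed `iptables-save` dumps, one for an active firewall and one for a router with no interface yet. Chain names follow the iv/ov/fwaas-default convention of the Neutron iptables FWaaS driver, but the policy id and rules are made up.

```python
"""Audit an iptables-save dump from a qrouter namespace for FWaaS enforcement."""

WRAP = "neutron-l3-agent-"   # prefix the l3-agent puts on every chain it owns

# Constructed `ip netns exec qrouter-<id> iptables-save -t filter` output for a
# router whose firewall is ACTIVE (policy id made up, chain declarations omitted).
ACTIVE_DUMP = """\
*filter
-A FORWARD -j neutron-l3-agent-FORWARD
-A neutron-l3-agent-FORWARD -o qr-+ -j neutron-l3-agent-iv4e1d2c3b
-A neutron-l3-agent-FORWARD -i qr-+ -j neutron-l3-agent-ov4e1d2c3b
-A neutron-l3-agent-FORWARD -o qr-+ -j neutron-l3-agent-fwaas-defau
-A neutron-l3-agent-FORWARD -i qr-+ -j neutron-l3-agent-fwaas-defau
-A neutron-l3-agent-fwaas-defau -j DROP
-A neutron-l3-agent-iv4e1d2c3b -m state --state RELATED,ESTABLISHED -j ACCEPT
-A neutron-l3-agent-iv4e1d2c3b -p tcp -m tcp --dport 22 -j ACCEPT
-A neutron-l3-agent-ov4e1d2c3b -j ACCEPT
COMMIT
"""

# Same router before any interface is attached: the firewall is still
# PENDING_CREATE, so the namespace carries no policy chains at all (constructed).
PENDING_DUMP = """\
*filter
-A FORWARD -j neutron-l3-agent-FORWARD
COMMIT
"""


def parse_rules(dump):
    """Yield (chain, tokens) for every '-A' line of an iptables-save dump."""
    for line in dump.splitlines():
        if line.startswith("-A "):
            chain, *tokens = line.split()[1:]
            yield chain, tokens


def audit_fwaas(dump):
    """Report whether FWaaS policy chains exist, are reached from FORWARD,
    fall through to a DROP, and which traffic they let through."""
    rules = list(parse_rules(dump))
    policy = sorted({c for c, _ in rules if c.startswith((WRAP + "iv", WRAP + "ov"))})
    jumps = {t[t.index("-j") + 1] for c, t in rules if c == WRAP + "FORWARD" and "-j" in t}
    default = [t for c, t in rules if c.startswith(WRAP + "fwaas-defau")]
    wired = bool(policy) and all(c in jumps for c in policy)
    default_drop = any(t[-2:] == ["-j", "DROP"] for t in default)
    allowed = [("ingress" if c.startswith(WRAP + "iv") else "egress", " ".join(t[:-2]) or "any")
               for c, t in rules if c in policy and t[-2:] == ["-j", "ACCEPT"]]
    return {"policy_chains": policy, "wired": wired, "default_drop": default_drop,
            "enforced": wired and default_drop, "allowed": allowed}


if __name__ == "__main__":
    for name, dump in (("active", ACTIVE_DUMP), ("pending", PENDING_DUMP)):
        print(name, audit_fwaas(dump))
```

On a real deployment, feed it the output of `ip netns exec qrouter-<router-id> iptables-save -t filter` from the network node; an empty `policy_chains` list is exactly the PENDING_CREATE symptom described above.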
References
http://niusmallnan.github.io/_build/html/_templates/openstack/fwaas_setup.html
https://wiki.openstack.org/wiki/Neutron/FWaaS/HowToInstall