Xurong, Firewall is colocated with router. You need to create a router, then the firewall state will be updated.
Gary On Thu, Jun 5, 2014 at 2:48 AM, Xurong Yang <ido...@gmail.com> wrote: > Hi, Stackers > My use case: > > under project_id A: > 1.create firewall rule default(share=false). > 2.create firewall policy default(share=false). > 3.attach rule to policy. > 4.update policy(share=true) > > under project_id B: > 1.create firewall with policy(share=true) based on project A. > then create firewall fail and suspend with status=PENDING_CREATE > > openstack@openstack03:~/Vega$ neutron firewall-policy-list > +--------------------------------------+------+----------------------------------------+ > | id | name | firewall_rules > | > +--------------------------------------+------+----------------------------------------+ > | 7884fb78-1903-4af6-af3f-55e5c7c047c9 | Demo | > [d5578ab5-869b-48cb-be54-85ee9f15d9b2] | > | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | Test | > [8679da8d-200e-4311-bb7d-7febd3f46e37, | > | | | > 86ce188d-18ab-49f2-b664-96c497318056] | > +--------------------------------------+------+----------------------------------------+ > openstack@openstack03:~/Vega$ neutron firewall-rule-list > +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+ > | id | name | firewall_policy_id > | summary | enabled | > +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+ > | 8679da8d-200e-4311-bb7d-7febd3f46e37 | DenyOne | > 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True > | > | | | > | source: none(none), | | > | | | > | dest: 192.168.0.101/32(none), | | > | | | > | deny | | > | 86ce188d-18ab-49f2-b664-96c497318056 | AllowAll | > 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True > | > | | | > | source: none(none), | | > | | | > | dest: none(none), | | > | | | > | allow | | > +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+ > openstack@openstack03:~/Vega$ neutron firewall-create --name Test > Demo*Firewall Rule d5578ab5-869b-48cb-be54-85ee9f15d9b2 could not be found.* > openstack@openstack03:~/Vega$ neutron firewall-show Test > +--------------------+--------------------------------------+ > | Field | Value | > +--------------------+--------------------------------------+ > | admin_state_up | True | > | description | | > | firewall_policy_id | 7884fb78-1903-4af6-af3f-55e5c7c047c9 | > | id | 7c59c7da-ace1-4dfa-8b04-2bc6013dbc0a | > | name | Test | > | status | *PENDING_CREATE* | > | tenant_id | a0794fca47de4631b8e414beea4bd51b | > +--------------------+--------------------------------------+ > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
