Hi Thiago,

Currently, FWaaS only manages what's allowed in and out on router ports. Security profiles are applied to instance ports directly.

FYI: The current FWaaS API is somewhat experimental and policy applies globally to all the routers a tenant owns (i.e., no zone concept yet).

Aaron

On Mon, Oct 28, 2013 at 1:58 PM, Martinx - ジェームズ <thiagocmarti...@gmail.com> wrote:
> Guys,
>
> I'm trying to figure out the main differences between FWaaS and "Security
> Groups".
>
> * Do they complement each other? Or is FWaaS a "Security Groups"
>   replacement...?
>
> * Can FWaaS manage the "Tenant Namespace Router NAT Table"?
>
> * Does FWaaS manage the same iptables/ip6tables tables at L3 Namespace
>   router in which the "Security Groups" already manages too?
>
> For example, two commands to do (almost) the same thing? Like this:
>
> Open TCP port 80:
>
> FWaaS:
>
> neutron firewall-rule-create --protocol tcp --destination-port 80 --action allow
>
> Security Groups:
>
> neutron security-group-rule-create --direction ingress --protocol tcp --port_range_min 80 --port_range_max 80 <security_group_uuid>
>
> I'm a bit confused about the aims and proposals of each approach /
> project...
>
> Thanks!
> Thiago
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack