On 11/19/2014 03:31 AM, Chinasubbareddy M wrote: > Hi all, > > I would like to know where the iptables at compute side will get saved, I > mean > they will get saved in any configuration file or not.
Neutron doesn't save iptables info in any file, it builds a chain/rule set internally, then applies it when triggered. > When I change an iptable and restart the ovs agent , changes are going away > and > original iptables coming up. You should typically not add or modify iptables rules by hand, but instead use the security group API to add them. If you're trying to add something to the chain for an instance you will always be fighting with the iptables_manager and it will always remove whatever you have added. If you're trying to add a chain/rule for something not managed by Neutron, for example an INPUT rule to drop packets to a TCP port, I would only suggest doing that when the agent is not running since you'll just race with it and things will get out of sync. > I would like to understand deep into iPtables in opernstack ,please suggest me > any working guides or blogs. Look for the files iptables_manager.py and iptables_firewall.py - that's where the manager and most of the security group code lives. -Brian _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
