Old (and undesirable) behavior was to apply the ‘firewall’ with all tenant routers.
Using --router allows you to apply the ‘firewall’ with one or more specified
routers.
IIRC, there’s nothing special needed to utilize this other than to have the
FWaaS driver and extension enabled.
James
> On Jan 12, 2016, at 11:57 AM, Mike Spreitzer <mspre...@us.ibm.com> wrote:
>
> > From: Matt Kassawara <mkassaw...@gmail.com>
> > To: Mike Spreitzer/Watson/IBM@IBMUS
> > Cc: "openstack@lists.openstack.org" <openstack@lists.openstack.org>
> > Date: 01/12/2016 12:16 PM
> > Subject: Re: [Openstack] [neutron] User documentation for Neutron's
> > Firewall-as-a-Service (FWaaS)?
> >
> > Not really... :/
> >
> > On Tue, Jan 12, 2016 at 9:43 AM, Mike Spreitzer <mspre...@us.ibm.com> wrote:
> > Is there any user documentation for FWaaS besides http://
> > docs.openstack.org/admin-guide-cloud/
> > networking_introduction.html#firewall-as-a-service-fwaas-overview
> > ? That one is a bit skimpy and, I suspect, a little outdated. For
> > example, `neutron help firewall-create` mentions an option, `--
> > router`, that is not mentioned in that doc section and not well
> > explained in the on-line help.
>
> So can someone please explain the `--router` option to `neutron
> firewall-create` in more detail? Here is what I get from `neutron help
> firewall-create`:
>
> usage: neutron firewall-create [-h] [-f {json,shell,table,value,yaml}]
> [-c COLUMN] [--max-width <integer>]
> [--noindent] [--prefix PREFIX]
> [--request-format {json,xml}]
> [--tenant-id TENANT_ID] [--name NAME]
> [--description DESCRIPTION]
> [--admin-state-down] [--router ROUTER]
> POLICY
>
> ...
> optional arguments:
> ...
> --router ROUTER Firewall associated router names or IDs (requires
> FWaaS router insertion extension, this option can be
> repeated)
> ...
>
> Is there someplace I can learn more about this "FWaaS router insertion
> extension"? When I use DevStack, does it install this extension? How do I
> controls its installation when using DevStack? How do I install it when not
> using DevStack? How, in general, can I tell whether it is installed/enabled?
> What happens if I do not supply a `--router` argument to this command? Does
> the answer to that depend on whether the FWaaS router insertion extension is
> installed/enabled?
>
> Thanks,
> Mike
>
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
