neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2 module

neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.CHAIN_NAME_PREFIX = {'egress': 'o', 'ingress': 'i'}

Firewall rules are applied on the internal interfaces of the Neutron router. Packets ingressing the tenant’s network are therefore in the output direction on those internal interfaces.

class neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver

Bases: FwaasDriverBase

IPTables driver for Firewall As A Service.

apply_default_policy(agent_mode, apply_list, firewall)

Apply the default policy on all trusted interfaces.

Remove current policy and apply the default policy on all trusted interfaces.

create_firewall_group(agent_mode, apply_list, firewall)

Create the firewall with the default (drop all) policy.

The default policy will be applied on all the interfaces of the trusted zone.

delete_firewall_group(agent_mode, apply_list, firewall)

Delete firewall.

Removes all policies created by this instance and frees up all the resources.

update_firewall_group(agent_mode, apply_list, firewall)

Apply the policy on all trusted interfaces.

Remove previous policy and apply the new policy on all trusted interfaces.