The rules themselves are not stored in the database. What is stored is router information, which the L3 agent (or VPN agent) code uses to create netfilter rules. For example, this code in neutron/agent/l3/router_info.py:

def _add_snat_rules(self, ex_gw_port, iptables_manager,
                    interface_name):
    self.process_external_port_address_scope_routing(iptables_manager)

    if ex_gw_port:
        # ex_gw_port should not be None in this case
        # NAT rules are added only if ex_gw_port has an IPv4 address
        for ip_addr in ex_gw_port['fixed_ips']:
            ex_gw_ip = ip_addr['ip_address']
            if netaddr.IPAddress(ex_gw_ip).version == 4:
                if self._snat_enabled:
                    rules = self.external_gateway_nat_snat_rules(
                        ex_gw_ip, interface_name)
                    for rule in rules:
                        iptables_manager.ipv4['nat'].add_rule(*rule)

                rules = self.external_gateway_nat_fip_rules(
                    ex_gw_ip, interface_name)
                for rule in rules:
                    iptables_manager.ipv4['nat'].add_rule(*rule)
                rules = self.external_gateway_mangle_rules(interface_name)
                for rule in rules:
                    iptables_manager.ipv4['mangle'].add_rule(*rule)

                break

If you want to see the Neutron database:

$ mysql -uroot -pXXXXXXXX
Welcome to the MariaDB monitor.  Commands end with ; or \g.
(...)
MariaDB [(none)]> use neutron
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [neutron]> show tables;
+-----------------------------------------+
| Tables_in_neutron                       |
+-----------------------------------------+
| address_scopes                          |
| agents                                  |
(...)
| router_extra_attributes                 |
| routerl3agentbindings                   |
| routerports                             |
| routerroutes                            |
| routerrules                             |
| routers                                 |
| securitygroupportbindings               |
| securitygrouprules                      |
| securitygroups                          |
(...)
+-----------------------------------------+
162 rows in set (0.00 sec)
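
Added example, not part of the original answer and not Neutron code: because the rules are derived from router data rather than stored, the live nat table in a router namespace can be audited against what that data implies. The helper names, the chain name, the qg- device id and the addresses below are constructed for illustration; the `iptables-save` text is a constructed sample.

```python
import ipaddress

# Constructed sample: gateway port data as the L3 agent receives it,
# reduced to the one field used by the loop quoted in the answer.
EX_GW_PORT = {"fixed_ips": [{"ip_address": "2001:db8::10"},
                            {"ip_address": "203.0.113.10"}]}

# Constructed sample of `iptables-save` output from a router namespace.
IPTABLES_SAVE = """\
*nat
:POSTROUTING ACCEPT [0:0]
:example-snat - [0:0]
-A POSTROUTING -j example-snat
-A example-snat -o qg-1a2b3c4d-5e -j SNAT --to-source 203.0.113.10
COMMIT
"""

def first_ipv4(ex_gw_port):
    """Same selection as the quoted loop: first IPv4 fixed IP, IPv6 skipped."""
    for fixed_ip in ex_gw_port["fixed_ips"]:
        addr = ipaddress.ip_address(fixed_ip["ip_address"])
        if addr.version == 4:
            return str(addr)
    return None

def snat_sources(iptables_save_text):
    """Collect --to-source values of SNAT rules found in the nat table."""
    sources, table = set(), None
    for line in iptables_save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "nat" and line.startswith("-A "):
            tokens = line.split()
            if "SNAT" in tokens and "--to-source" in tokens:
                idx = tokens.index("--to-source")
                if idx + 1 < len(tokens):
                    sources.add(tokens[idx + 1])
    return sources

def audit(ex_gw_port, iptables_save_text, snat_enabled=True):
    """Report SNAT rules that are missing or not explained by router data."""
    expected = {first_ipv4(ex_gw_port)} - {None} if snat_enabled else set()
    live = snat_sources(iptables_save_text)
    return {"missing": sorted(expected - live),
            "unexpected": sorted(live - expected)}
```

A non-empty "unexpected" list means the namespace translates traffic to an address the router data does not account for, which is worth investigating as drift or manual tampering.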