I am using Queens release of Openstack

1: Every VM port is automatically added into default fwg. how to disable this?

2: I am getting the following error in server.log file when adding VM ports to any fwg.

cat server.log | grep hybrid 2019-01-08 09:44:23.250 5551 WARNING neutron_fwaas.services.firewall.fwaas_plugin_v2 [req-954fc500-38f3-42e8-b3f5-298b12d74b37 cba99b40c59f46eca587851a2d80ea80 8da672624dd341e5a789ee9785d1d82f - default default] Doesn't support hybrid port at the moment 2019-01-08 10:56:04.660 11428 WARNING neutron_fwaas.services.firewall.fwaas_plugin_v2 [req-515b81b4-26d0-41da-882e-c002738b476d cba99b40c59f46eca587851a2d80ea80 8da672624dd341e5a789ee9785d1d82f - default default] Doesn't support hybrid port at the moment 2019-01-08 10:56:16.125 11426 WARNING neutron_fwaas.services.firewall.fwaas_plugin_v2 [req-4fc47e03-9f66-4f53-9e5e-a1013065adc3 cba99b40c59f46eca587851a2d80ea80 8da672624dd341e5a789ee9785d1d82f - default default] Doesn't support hybrid port at the moment

l3_agent.ini, fwaas_driver.ini, neutron.conf, openvswitch_agent.ini configs are as follows

[l3_agent.ini]

[DEFAULT]

interface_driver = openvswitch

external_network_bridge =

ovs_use_veth = True

[AGENT]

extensions = fwaas_v2,fip_qos

[fwaas_driver.ini]

[DEFAULT]

[fwaas]

agent_version = v2

driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver

enabled = True

firewall_l2_driver = ovs

[neutron.conf]

[database]

connection = mysql+pymysql://neutron:password@controller/neutron

[DEFAULT]

core_plugin = ml2

service_plugins = router,firewall_v2,qos

allow_overlapping_ips = true

transport_url = rabbit://openstack:password@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = password

[nova]

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = password

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

[service_providers]

service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default

[openvswitch_agent.ini]

[ovs]

bridge_mappings = external:br-provider, internet:br-internet

local_ip = 192.168.100.2

[agent]

tunnel_types = vxlan

l2_population = True

extensions = qos

[securitygroup]

firewall_driver = openvswitch

3: neutron_fwaas.conf file was not created during installation and even after manually creating the file and enabling options in it as given below I can not verify that they work.

[quotas]

quota_firewall = 10

quota_firewall_policy = 10

quota_firewall_rule = 100