Can we disable nwfilter of libvirt in Nova? [closed]

asked 2013-08-21 05:12:32 -0600

kimi-zhangkai gravatar image

In Grizzly, my VM uses network with DHCP disabled, I use an external DHCP server instead.

So the fact is that VM real IP is not the one Quantum server assigned. And the nwfilter of this VM only allows communication with quantum assigned IP, thus my VM can not do network access at all.

Manually undefine this nwfilter by virsh nwfilter-undefine fixes this issue.

Is there any global setting for nova to disable this by default ?

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-06-05 21:16:10.386718

2 answers

Sort by ยป oldest newest most voted

answered 2013-08-21 09:19:56 -0600

gtt116 gravatar image

Hi Kimi,

Exactly, these is no config to stop using nwfilter. But you can try set firewall_driver = nova.virt.firewall.NoopFirewallDriver in nova.conf. But note that all the iptable and nwfilter will gone. I don't think this is a good choice. Maybe you can modify the source code. The codes are around here:

Hoping help you.

edit flag offensive delete link more

answered 2013-08-21 09:27:44 -0600

kimi-zhangkai gravatar image

Hi, Tian tian

This exactly helps me, I did find the way works by disabling firewall_driver.

If nova could support it officially later ,it would be good.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2013-08-21 05:12:32 -0600

Seen: 234 times

Last updated: Aug 21 '13