Is the host computer firewall necessary? Icehouse

asked 2014-05-08 13:05:52 -0600

dro gravatar image

I just ran to an issue where the network node was not able to communicate with the message server, "controller" , when I disabled the firewall on the controller, I saw that it was able to connect without issue. Is the firewall necessary on the host machines?, controller, network and compute?


edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2014-05-08 14:30:03 -0600

mpetason gravatar image

You don't have to run it on the controller. For the network/compute neutron handles the iptable rules, you could add custom rules to allow other traffic to the host if you wanted. It isn't required, but for security you may want to setup custom rules. If you have issues with configuring rules due to familiarity with iptables you could use the "tui" package. It provides a decent text based ui that guides you through setting up rules.

Package: system-config-firewall-tui

edit flag offensive delete link more

answered 2014-05-08 15:03:34 -0600

dro gravatar image

So can I disable it then? I would be providing hardware firewall into the network where i would block/allow traffic.

thanks for you response! :P

edit flag offensive delete link more


You can on the controller. You'll want to launch a few instances to see how neutron manages the iptables rules on the compute/network node. It has to setup NAT rules to let the floating IP addresses know where they need to go.

mpetason gravatar imagempetason ( 2014-05-08 15:06:49 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-05-08 13:05:52 -0600

Seen: 193 times

Last updated: May 08 '14