Ask Your Question
0

Is there any way to disable creation of iptable rules under neutron-openvswi-sg-chain for virtual machine tap interfaces in openstack ?

asked 2015-02-18 04:46:30 -0500

Govardhan gravatar image

Is there any way to disable creation of iptable rules under neutron-openvswi-sg-chain for virtual machine tap interfaces in openstack ?

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-03-30 03:08:29 -0500

dbaxps gravatar image

If you would do what you want you would be unable open TCP ports on VMs and etc.
Maybe this link will address your question:-
https://ask.openstack.org/en/question...

edit flag offensive delete link more
0

answered 2015-03-29 21:57:40 -0500

Maple Wang gravatar image

as I know, there is a way to disable security group totally:

In /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

firewall_driver = neutron.agent.firewall.NoopFirewallDriver

enable_security_group=false

service openvswitch restart

service neutron-openvswitch-agent restart

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-02-18 04:46:30 -0500

Seen: 1,114 times

Last updated: Mar 30 '15