Devstack - iptables chain

asked 2015-04-12 06:03:15 -0500

saravana-os

I run the Ubuntu 14.04 desktop version. My iptables had 3 chains, INPUT, FORWARD and OUTPUT, defined by default. Then I installed devstack on top of it (no VM here, devstack is on my desktop machine). And all the chains listed below got added to it.

Chain neutron-filter-top (2 references)

 pkts bytes target     prot opt in     out     source               destination         
82679   22M neutron-openvswi-local  all  --  any    any     anywhere             anywhere            

Chain neutron-openvswi-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain neutron-openvswi-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain neutron-openvswi-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain neutron-openvswi-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain neutron-openvswi-sg-chain (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain neutron-openvswi-sg-fallback (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain nova-api-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain nova-api-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    any     anywhere             172.19.18.8          tcp dpt:8775

Chain nova-api-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain nova-api-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain nova-filter-top (2 references)
 pkts bytes target     prot opt in     out     source               destination         
92579   24M nova-api-local  all  --  any    any     anywhere             anywhere

I am not seeing these chains belong to any of the tables, FILTER, MANGLE, NAT etc. So, what are these chains for? And I am seeing that the neutron-filter-top and nova-filter-top rules are applied to a lot of packets. What packets get these two rules applied?

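An added example, not part of the original post: a small Python parser for the listing format shown in the question (the pkts/bytes columns are what `iptables -L -v` prints). It compares each chain's declared reference count with the jumps actually visible in the pasted text. The sample is constructed from three chains of that listing, and the function names are hypothetical.

```python
import re

# Constructed sample: three chains copied from the listing in the question.
SAMPLE = """\
Chain neutron-filter-top (2 references)
 pkts bytes target     prot opt in     out     source               destination
82679   22M neutron-openvswi-local  all  --  any    any     anywhere             anywhere

Chain neutron-openvswi-local (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain nova-api-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             172.19.18.8          tcp dpt:8775
"""

# User-defined chains print "(N references)"; built-in chains print "(policy ...)".
HEADER = re.compile(r"^Chain (\S+) \((?:(\d+) references|policy [^)]*)\)")

def parse_listing(text):
    """Return {chain: {"declared_refs": int, "rules": [(pkts, bytes, target)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = chains.setdefault(
                m.group(1), {"declared_refs": int(m.group(2) or 0), "rules": []})
            continue
        fields = line.split()
        if current is None or len(fields) < 3 or fields[0] == "pkts":
            continue  # blank line or column header
        current["rules"].append((fields[0], fields[1], fields[2]))
    return chains

def jumps_seen(chains):
    """Count the jumps to each listed chain that appear as rule targets."""
    seen = {name: 0 for name in chains}
    for info in chains.values():
        for _, _, target in info["rules"]:
            if target in seen:
                seen[target] += 1
    return seen

def missing_callers(chains):
    """Chains whose header declares more references than the listing shows."""
    seen = jumps_seen(chains)
    return {n: c["declared_refs"] - seen[n]
            for n, c in chains.items() if c["declared_refs"] > seen[n]}
```

A chain reported by `missing_callers` is jumped to from rules that are not in the pasted text; the full listing, including the built-in chains, would show them.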