The Neutron Firewall as a Service (FWaaS) plugin adds perimeter firewall management to Networking. FWaaS uses IPTables, on the node running the Layer-3 agent, to apply firewall policy to all Networking routers within a project.
Follow these steps to configure Neutron FWaaS:
In Neutron's main configuration file, under the DEFAULT section, set the service_plugins parameter to point to the FWaaS plugin:
[root@neutron-node ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins neutron.services.firewall.fwaas_plugin.FirewallPlugin
If additional services are configured, you will need to manually edit the file /etc/neutron/neutron.conf and add neutron.services.loadbalancer.plugin.LoadBalancerPlugin after the existing value, separated by a comma. For example, loading both L3 and LBaaS would result in the following code:
service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin, neutron.services.firewall...
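The manual edit described above can be scripted so that plugins already listed are kept, since openstack-config --set writes exactly the value given and replaces whatever was there. The following is an added example, not part of the original procedure or of Neutron; the helper name add_service_plugin and the sample file are assumptions constructed for illustration.

```shell
# add_service_plugin CONF PLUGIN  (hypothetical helper, not part of Neutron)
# Appends PLUGIN to service_plugins in [DEFAULT] only, keeping existing entries.
# Running it twice changes nothing; a file with no [DEFAULT] section is left as is.
add_service_plugin() {
    conf=$1 plugin=$2
    tmp=$(mktemp) || return 1
    awk -v plugin="$plugin" '
        function emit_missing() {
            # [DEFAULT] ended with no service_plugins line: add one
            if (in_default && !done) { print "service_plugins = " plugin; done = 1 }
        }
        /^[ \t]*\[/ {                       # any section header
            emit_missing()
            in_default = ($0 ~ /^[ \t]*\[DEFAULT\][ \t]*$/)
            print; next
        }
        in_default && !done && /^[ \t]*service_plugins[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)  # strip "service_plugins ="
            sub(/[ \t]+$/, "", value)
            n = split(value, items, /[ \t]*,[ \t]*/)
            present = 0
            for (i = 1; i <= n; i++) if (items[i] == plugin) present = 1
            if (!present) value = (value == "" ? plugin : value "," plugin)
            print "service_plugins = " value
            done = 1; next
        }
        { print }
        END { emit_missing() }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample file (not a real deployment's neutron.conf)
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' \
    'service_plugins = neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' \
    '[database]' 'connection = sqlite://' > "$sample"
add_service_plugin "$sample" neutron.services.firewall.fwaas_plugin.FirewallPlugin
grep '^service_plugins' "$sample"
rm -f "$sample"
```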