Neutron includes an advanced service known as Firewall as a Service, or FWaaS, which enables users to create and manage firewalls that provide layer 3 and layer 4 filtering at the perimeter of the network. Using the reference driver and Neutron API, users can:
- Apply firewall rules to the traffic entering and leaving the tenant networks attached to Neutron routers
- Create and share firewall policies that hold an ordered collection of firewall rules
- Audit firewall rules and policies
The FWaaS extension introduces the following network resources:
- Firewall: A logical firewall resource that a tenant can instantiate and manage. A firewall is associated with a single firewall policy.
- Firewall policy: An ordered collection of firewall rules that can be shared across tenants.
- Firewall rule: A collection of attributes such as layer 3 addresses and layer 4 ports that are allowed or denied access through an interface.
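The sketch below is an added example, not code from the original text or from Neutron. It models a firewall policy as an ordered rule list to show why rule order matters and how an audit can flag rules that can never match. It assumes first-match evaluation with an implicit deny when nothing matches, which this excerpt does not state; the class, field and rule names are illustrative, and only IPv4 is handled.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class FirewallRule:
    name: str
    action: str                           # "allow" or "deny"
    protocol: Optional[str] = None        # None matches any protocol
    source_ip: Optional[str] = None       # CIDR; None matches any address
    destination_ip: Optional[str] = None  # CIDR; None matches any address
    destination_port: Optional[int] = None

def _net_covers(outer, inner):
    """True if CIDR `outer` (None = any) contains every address in `inner`."""
    if outer is None or inner is None:
        return outer is None
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def covers(a, b):
    """True if every packet that rule `b` matches is also matched by rule `a`."""
    return ((a.protocol is None or a.protocol == b.protocol)
            and _net_covers(a.source_ip, b.source_ip)
            and _net_covers(a.destination_ip, b.destination_ip)
            and (a.destination_port is None or a.destination_port == b.destination_port))

@dataclass
class FirewallPolicy:
    name: str
    rules: List[FirewallRule] = field(default_factory=list)  # order is significant
    shared: bool = False

    def evaluate(self, proto, src, dst, dport):
        """Return (action, rule name) for one packet; the first match decides."""
        pkt = FirewallRule("pkt", "", proto, f"{src}/32", f"{dst}/32", dport)
        for rule in self.rules:
            if covers(rule, pkt):
                return rule.action, rule.name
        return "deny", "implicit-deny"    # assumed default when nothing matches

    def shadowed(self):
        """Audit: (rule, earlier rule) pairs where the later rule can never fire."""
        return [(r.name, e.name) for i, r in enumerate(self.rules)
                for e in self.rules[:i] if covers(e, r)]

# Constructed sample: the same two rules in two different orders.
allow_web = FirewallRule("allow-web", "allow", "tcp", None, "10.0.0.0/24", 80)
deny_host = FirewallRule("deny-bad-host", "deny", None, "203.0.113.7/32")
GOOD = FirewallPolicy("deny-first", [deny_host, allow_web])
BAD = FirewallPolicy("allow-first", [allow_web, deny_host])
```

With the sample policies, web traffic from 203.0.113.7 is denied by GOOD but allowed by BAD, even though both hold the same two rules.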
As with security groups, firewalls in Neutron utilize...