To enable FWaaS, some changes must be made to Neutron configuration files on the network and controller node. In this environment, the controller serves as the network node. There is no dedicated agent needed to implement FWaaS as the existing Neutron L3 agent handles all firewall functionalities.
On the controller node, enable FWaaS and define the
iptables device driver in the FWaaS driver configuration file, as follows:
[fwaas] ... enabled = true driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver