Neutron includes two methods of providing network-level security to instances: security groups and virtual firewalls. Security groups rely on iptables rules to filter traffic on the compute node hosting the instance. Virtual firewalls are provided by the advanced Neutron service known as Firewall as a Service, or FWaaS, which also relies on iptables but filters traffic at the perimeter of the network, in a Neutron router.
In this chapter, we will focus on security groups and cover some fundamental security features of Neutron, including:
A brief introduction to iptables
Creating and managing security groups
Demonstrating how security groups leverage iptables
Disabling port security