OpenStack provides network security to control access to the virtual networks. Like other network services, the security policies applied to the virtual networks are offered as a self-service feature. The security services are provided either at the network port level using security groups or at the network boundary using the firewall service. In this section, we will discuss the security services provided by the Neutron project.
The security rules applied to incoming and outgoing traffic are based on match conditions, which include the following:
- The source and destination addresses to which the security policy must be applied
- The source and destination ports for the network flow
- The direction of traffic (egress or ingress)
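
The match conditions listed above, as an added example that is not from the original text or from the Neutron code base: a simplified Python model of how a security group rule set is evaluated for a new connection. Field names follow Neutron's security group rule attributes; the rule set, the addresses and the `world_open_ingress` audit helper are constructed for illustration, and ICMP type/code matching and connection tracking are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    # Simplified model; field names follow Neutron's security group rule attributes.
    direction: str                       # "ingress" or "egress"
    protocol: Optional[str]              # "tcp", "udp", or None for any protocol
    remote_ip_prefix: Optional[str]      # CIDR of the peer; None means any address
    port_range_min: Optional[int] = None
    port_range_max: Optional[int] = None

def matches(rule, direction, protocol, remote_ip, dst_port):
    """True when one new flow satisfies every match condition of the rule."""
    if rule.direction != direction:
        return False
    if rule.protocol is not None and rule.protocol != protocol:
        return False
    if rule.remote_ip_prefix is not None:
        net = ipaddress.ip_network(rule.remote_ip_prefix)
        addr = ipaddress.ip_address(remote_ip)
        if addr.version != net.version or addr not in net:
            return False
    if rule.port_range_min is not None:
        hi = rule.port_range_max if rule.port_range_max is not None else rule.port_range_min
        if dst_port is None or not rule.port_range_min <= dst_port <= hi:
            return False
    return True

def allowed(rules, direction, protocol, remote_ip, dst_port=None):
    """Security groups are allow-lists: a flow that matches no rule is dropped."""
    return any(matches(r, direction, protocol, remote_ip, dst_port) for r in rules)

def world_open_ingress(rules):
    """Audit helper (hypothetical): ingress rules that accept any source address."""
    return [r for r in rules if r.direction == "ingress"
            and r.remote_ip_prefix in (None, "0.0.0.0/0", "::/0")]

# Constructed sample rule set using documentation address ranges.
RULES = [
    Rule("ingress", "tcp", "203.0.113.0/24", 22, 22),  # SSH from one admin network
    Rule("ingress", "tcp", "0.0.0.0/0", 443, 443),     # HTTPS from anywhere
    Rule("egress", None, None),                        # all outbound traffic
]

if __name__ == "__main__":
    print(allowed(RULES, "ingress", "tcp", "203.0.113.7", 22))   # inside admin CIDR
    print(allowed(RULES, "ingress", "tcp", "198.51.100.9", 22))  # outside admin CIDR
```

Running `world_open_ingress` over an exported rule set is a quick review step for rules that expose a port to every source address.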
The Neutron security services use Linux IPtables to implement security policies.
For more information on how IPtables works on...