1) Edit neutron.conf on the Neutron controller node
Add the FWaaS service to service_plugins:
service_plugins=router,firewall
Add the following to [service_providers]. If vpn or lbaas is already configured there, append the new entry after it, separated by a comma, as follows:
service_provider = lbaasxxx,FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
Restart neutron-server: # /etc/init.d/neutron-server restart or service neutron-server restart
2) Edit the fwaas.ini configuration file on the network node, /etc/neutron/fwaas.ini
[fwaas]
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
Restart neutron-l3-agent: /etc/init.d/neutron-l3-agent restart or service neutron-l3-agent restart
3) Edit the dashboard configuration to enable FWaaS
On the node where openstack-dashboard is installed, edit /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py:
OPENSTACK_NEUTRON_NETWORK = {
    'enable_firewall': True,
}
Restart the dashboard: /etc/init.d/httpd restart or service apache2 restart
Log in to Horizon and the firewall is now visible.
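
A post-change check for steps 1 and 2, added here as an example and not part of the original procedure or of OpenStack: it parses the text of neutron.conf and fwaas.ini and lists the FWaaS settings that are not actually in effect, for instance because the line is still commented out. The function names, the sample file contents and the assumption that service_plugins sits in [DEFAULT] are this example's own.

```python
import re

# (section, key, substring that must appear in one of the values); taken from steps 1 and 2.
# Assumption: service_plugins lives in [DEFAULT] of neutron.conf.
REQUIRED = [
    ("DEFAULT", "service_plugins", "firewall"),
    ("service_providers", "service_provider", "FIREWALL:"),
    ("fwaas", "driver", "IptablesFwaasDriver"),
    ("fwaas", "enabled", "True"),
]

def parse_ini(text, conf=None):
    """Parse INI text into {section: {key: [values]}}, keeping repeated keys."""
    conf = {} if conf is None else conf
    section = "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or commented-out option: does not count as set
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        key, sep, value = line.partition("=")
        if sep:  # accept comma-separated values as well as repeated lines
            items = [v.strip() for v in value.split(",") if v.strip()]
            conf.setdefault(section, {}).setdefault(key.strip(), []).extend(items)
    return conf

def missing_settings(neutron_conf, fwaas_ini):
    """Return the required FWaaS settings that neither file actually sets."""
    conf = parse_ini(fwaas_ini, parse_ini(neutron_conf))
    return [f"[{sec}] {key}: no value containing {want!r}"
            for sec, key, want in REQUIRED
            if not any(want.lower() in v.lower()
                       for v in conf.get(sec, {}).get(key, []))]

# Constructed sample files (not taken from a real deployment).
NEUTRON_OK = """[DEFAULT]
service_plugins=router,firewall
[service_providers]
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
"""
FWAAS_OK = "[fwaas]\ndriver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver\nenabled = True\n"
FWAAS_OFF = FWAAS_OK.replace("enabled = True", "#enabled = True")

if __name__ == "__main__":
    print(missing_settings(NEUTRON_OK, FWAAS_OK))   # nothing missing
    print(missing_settings(NEUTRON_OK, FWAAS_OFF))  # enabled is commented out
```

On a real node, pass the contents of /etc/neutron/neutron.conf and /etc/neutron/fwaas.ini to missing_settings() before restarting the services.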