Hi, Gary

Thanks for your response. I have created a router. The fact is that firewall rules don't update their share status when the corresponding firewall policy is updated with share=true, so creating a firewall under another project fails. So I think it's a bug. What do you think?

cheers,
Xurong

2014-06-05 22:00 GMT+08:00 Gary Duan <[email protected]>:

> Xurong,
>
> Firewall is colocated with router. You need to create a router, then the
> firewall state will be updated.
>
> Gary
>
>
> On Thu, Jun 5, 2014 at 2:48 AM, Xurong Yang <[email protected]> wrote:
>
>> Hi, Stackers
>> My use case:
>>
>> under project_id A:
>> 1.create firewall rule default(share=false).
>> 2.create firewall policy default(share=false).
>> 3.attach rule to policy.
>> 4.update policy(share=true)
>>
>> under project_id B:
>> 1.create firewall with policy(share=true) based on project A.
>> then create firewall fail and suspend with status=PENDING_CREATE
>>
>> openstack@openstack03:~/Vega$ neutron firewall-policy-list
>> +--------------------------------------+------+----------------------------------------+
>> | id                                   | name | firewall_rules                         |
>> +--------------------------------------+------+----------------------------------------+
>> | 7884fb78-1903-4af6-af3f-55e5c7c047c9 | Demo | [d5578ab5-869b-48cb-be54-85ee9f15d9b2] |
>> | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | Test | [8679da8d-200e-4311-bb7d-7febd3f46e37, |
>> |                                      |      |  86ce188d-18ab-49f2-b664-96c497318056] |
>> +--------------------------------------+------+----------------------------------------+
>> openstack@openstack03:~/Vega$ neutron firewall-rule-list
>> +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
>> | id                                   | name     | firewall_policy_id                   | summary                        | enabled |
>> +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
>> | 8679da8d-200e-4311-bb7d-7febd3f46e37 | DenyOne  | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP,                          | True    |
>> |                                      |          |                                      |  source: none(none),           |         |
>> |                                      |          |                                      |  dest: 192.168.0.101/32(none), |         |
>> |                                      |          |                                      |  deny                          |         |
>> | 86ce188d-18ab-49f2-b664-96c497318056 | AllowAll | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP,                          | True    |
>> |                                      |          |                                      |  source: none(none),           |         |
>> |                                      |          |                                      |  dest: none(none),             |         |
>> |                                      |          |                                      |  allow                         |         |
>> +--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
>> openstack@openstack03:~/Vega$ neutron firewall-create --name Test Demo
>> *Firewall Rule d5578ab5-869b-48cb-be54-85ee9f15d9b2 could not be found.*
>> openstack@openstack03:~/Vega$ neutron firewall-show Test
>> +--------------------+--------------------------------------+
>> | Field              | Value                                |
>> +--------------------+--------------------------------------+
>> | admin_state_up     | True                                 |
>> | description        |                                      |
>> | firewall_policy_id | 7884fb78-1903-4af6-af3f-55e5c7c047c9 |
>> | id                 | 7c59c7da-ace1-4dfa-8b04-2bc6013dbc0a |
>> | name               | Test                                 |
>> | status             | *PENDING_CREATE*                     |
>> | tenant_id          | a0794fca47de4631b8e414beea4bd51b     |
>> +--------------------+--------------------------------------+
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> [email protected]
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
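
Added example, not part of the original thread and not Neutron code: a Python check for the inconsistency the thread describes, a policy marked shared whose rules are not, so that another project's lookup of a rule fails. The record layout and the field names `shared`, `tenant_id` and `firewall_rules` are assumptions modelled on the listings above, and the sample records are constructed.

```python
# Added illustration, not Neutron code. Records are constructed; the field
# names ("shared", "tenant_id", "firewall_rules") are assumptions.

def visible_to(resource, tenant_id):
    """Owner always sees a resource; other tenants only if it is shared."""
    return resource["tenant_id"] == tenant_id or resource.get("shared", False)


def unreachable_rules(policy, rules_by_id, tenant_id):
    """Rule ids referenced by `policy` that `tenant_id` cannot look up."""
    return [
        rid for rid in policy["firewall_rules"]
        if rid not in rules_by_id or not visible_to(rules_by_id[rid], tenant_id)
    ]


def audit_shared_policies(policies, rules):
    """Map each shared policy id to the rules a foreign tenant cannot see."""
    rules_by_id = {r["id"]: r for r in rules}
    findings = {}
    for policy in policies:
        if not policy.get("shared", False):
            continue  # a private policy is never consumed by another tenant
        hidden = [
            rid for rid in policy["firewall_rules"]
            if rid not in rules_by_id or not rules_by_id[rid].get("shared", False)
        ]
        if hidden:
            findings[policy["id"]] = hidden
    return findings


# Constructed sample mirroring the thread: project A owns the rule and the
# policy, and only the policy was updated to shared.
RULES = [{"id": "rule-1", "tenant_id": "project-A", "shared": False}]
POLICIES = [{"id": "policy-demo", "tenant_id": "project-A", "shared": True,
             "firewall_rules": ["rule-1"]}]

if __name__ == "__main__":
    by_id = {r["id"]: r for r in RULES}
    print("project-B cannot see:", unreachable_rules(POLICIES[0], by_id, "project-B"))
    print("audit:", audit_shared_policies(POLICIES, RULES))
```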
