This is the responsibility of the deployment tool. The iptables
firewall driver only handles firewall rules for the VM ports.

On Fri, Sep 19, 2014 at 6:28 AM, Andreas Scheuring
<scheu...@linux.vnet.ibm.com> wrote:
> Hi
> I just was playing around with various neutron-openvswitch-agent vxlan
> configurations. The default port for vxlan traffic is 4789. I had
> expected that when the neutron-openvswitch-agent reads the configured
> vxlan port (or gets the default) it also would add an iptables rule to
> allow incoming traffic via this port. But this did not happen.
>
>
> Is it because such an iptables setup is to be considered as hypervisor
> setup which is not done by openstack? Or should this be the job of the
> firewall driver (in my case ovshybridiptablesfirewall driver)?
>
> Any thoughts on this?
>
> Thanks
>
>
> --
> Andreas
> (irc: scheuran)
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Kevin Benton

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to