Hi Takashi, At least in Liberty, with the reference iptables firewall, it looks like setting the admin state of the firewall to DOWN results in traffic hitting only the neutron-l3-agent-fwaas-defau chain. The action there is to DROP all traffic.
James On 1/26/16, 4:15 AM, "Takashi Yamamoto" <[email protected]> wrote: >hi, > >what a firewall with admin_state_up=False should do? >my intuition says such a firewall should pass all traffic. (same as no >firewall) >but the reference implementation seems to block everything. (same as a >firewall without any rules) >i wrote a tempest test case (test_firewall_disable_rule) mirroring the >behaviour of the reference implementation >because i couldn't find any documentation. >but i'm now wondering if it was correct. >is the reference implementation's behavior intended? how other vendors do? > >__________________________________________________________________________ >OpenStack Development Mailing List (not for usage questions) >Unsubscribe: [email protected]?subject:unsubscribe >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
