Hi Takashi: There were discussions around this sometime in the H cycle w.r.t the reference implementation. IIRC, the consensus was that if a Firewall is configured, the points of insertion should be conservative and drop all traffic when admin_state_up is False. Only removing the Firewall will pass all traffic. And the code does that [1] which u have probab already checked.
[1] https://github.com/openstack/neutron-fwaas/blob/master/neutron_fwaas/servic es/firewall/drivers/linux/iptables_fwaas.py#L120 Thanks Sridar On 1/26/16, 2:15 AM, "Takashi Yamamoto" <[email protected]> wrote: >hi, > >what a firewall with admin_state_up=False should do? >my intuition says such a firewall should pass all traffic. (same as no >firewall) >but the reference implementation seems to block everything. (same as a >firewall without any rules) >i wrote a tempest test case (test_firewall_disable_rule) mirroring the >behaviour of the reference implementation >because i couldn't find any documentation. >but i'm now wondering if it was correct. >is the reference implementation's behavior intended? how other vendors >do? > >__________________________________________________________________________ >OpenStack Development Mailing List (not for usage questions) >Unsubscribe: [email protected]?subject:unsubscribe >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
