Cool! Thanks!!
On 28 October 2013 19:16, Aaron Rosen <aro...@nicira.com> wrote: > Hi Thiago, > > Current, FWaaS only manages what's allowed in and out on router ports. > Security profiles are applied to instances ports directly. > > FYI: The current FWaaS API is somewhat experimental and policy applies > globally to all the routers a tenant owns (i.e: no zone concept yet). > > Aaron > > > On Mon, Oct 28, 2013 at 1:58 PM, Martinx - ジェームズ < > thiagocmarti...@gmail.com> wrote: > >> Guys, >> >> I'm trying to figure out the main differences between FWaaS and "Security >> Groups". >> >> >> * Does it complement each other? Or is FWaaS a "Security Groups" >> replacement...? >> >> * Can FWaaS manage the "Tenant Namespace Router NAT Table"? >> >> * Does FWaaS manage the same iptables/ip6tables tables at L3 Namespace >> router in which the "Security Groups" already manages too? >> >> >> For example, two commands to do (almost) the same thing? Like this: >> >> Open TCP port 80: >> >> FWaaS: >> >> neutron firewall-rule-create --protocol tcp --destination-port 80 --action >> allow >> >> >> Security Groups: >> >> neutron security-group-rule-create --direction ingress --protocol tcp >> --port_range_min 80 --port_range_max 80 <security_group_uuid> >> >> >> I'm a bit confused about the aims and proposals of each approach / >> project... >> >> Thanks! >> Thiago >> >> _______________________________________________ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : openstack@lists.openstack.org >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
