Hello

I’m looking for a way to disable any firewall feature in one of our compute nodes and prevent the creation of the Linux bridge in the data path inside of this compute node.

We using the RDO Icehouse release.

Here is the configuration in the compute node:

#/etc/neutron/plugin.ini

[securitygroup]

#firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

firewall_driver = neutron.agent.firewall.NoopFirewall

# enable_security_group = True

enable_security_group = False

#/etc/nova/nova.conf

firewall_driver = nova.virt.firewall.NoopFirewallDriver

#security_group_api = neutron

#/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[securitygroup]

firewall_driver = neutron.agent.firewall.NoopFirewallDriver

enable_security_group = False

The firewall seems to be disabled but the bridge and the interfaces are being still created.

I found an older post about it: http://lists.openstack.org/pipermail/openstack/2014-May/007079.html

But changing “portbindings.OVS_HYBRID_PLUG" from a hard-coded "True" to "False" didn’t change anything.

Please advise!

Cheers

Chris