[Rdo-list] Compute Node without firewall (iptables) and Linux bridge

Wed Oct 29 09:51:25 UTC 2014

Can you elaborate on reasons to disable it? Of course it sounds a bit
not optimal, but do you have any performance concerns that you try to
address in this way?

> 
> We using the RDO Icehouse release.
> 
> 
> 
> Here is the configuration in the compute node:
> 
> #/etc/neutron/plugin.ini
> 
> [securitygroup]
> 
> #firewall_driver = 
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
>  firewall_driver = neutron.agent.firewall.NoopFirewall
> 
> # enable_security_group = True
> 
> enable_security_group = False
> 
> 
> 
> #/etc/nova/nova.conf
> 
> firewall_driver = nova.virt.firewall.NoopFirewallDriver
> 
> #security_group_api = neutron
> 
> 
> 
> #/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
> 
> [securitygroup]
> 
> firewall_driver = neutron.agent.firewall.NoopFirewallDriver
> 
> enable_security_group = False
> 
> 
> 
> The firewall seems to be disabled but the bridge and the interfaces
> are being still created.
> 
> I found an older post about it: 
> http://lists.openstack.org/pipermail/openstack/2014-May/007079.html
>
>  But changing ?portbindings.OVS_HYBRID_PLUG" from a hard-coded
> "True" to "False" didn?t change anything.
> 
> 
> 
> Please advise!
> 
> 
> 
> Cheers
> 
> Chris
> 
> 
> 
> 
> 
> _______________________________________________ Rdo-list mailing
> list Rdo-list at redhat.com 
> https://www.redhat.com/mailman/listinfo/rdo-list
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iQEcBAEBCgAGBQJUULidAAoJEC5aWaUY1u57NhEIAJQ4GP+SdJ9TJOQ3AeyMhhit
itqXiwunBQBD5Y5NXtXHzYPxA7r5+nj/ZJLkz8lWXEgf6e7vl5RbOTLxrA1B3pqU
vWppW/jK5RHbMxNqoV0pL/z+HVhxrHeXRO/hbFzQxIyLO1IPkOlENzA5oBuOJtoF
t/cvA0LUfc8uDE21MTS0XFjpwAoLIYj244J6+vCwv2AmwxvU+34D04YvGzfIoXm1
wVDXFItGjT52Lp2+ASdc38lzGOxc/5jXwE4XT4ZXWRTTx6iG8yJ6VXLrZf+915hF
8AJT0MIlTB+LYZ/YntTUtoVxYyJEIfvcblR6l8JTo1iGwSlDpVGvo4h4C82iQu4=
=MoUk
-----END PGP SIGNATURE-----