Summary
FWaaS enables users to create and manage firewalls that provide layer 3 and layer 4 filtering at the perimeter of tenant networks connected to Neutron routers. The reference driver uses iptables to implement firewalling within router namespaces. FWaaS is often used as a complement to security groups as it currently lacks some functionality that security groups provide—most notably, the ability to specify the direction of traffic that should be filtered.
FWaaS saw major improvements in the Kilo release and will continue to improve in releases to come. As of Kilo, FWaaS remains in an experimental status and is not recommended for production use. For up-to-date changes and examples for topics covered in this chapter and others, consult the OpenStack Neutron Networking guide at the following URL:
http://docs.openstack.org/networking-guide/
In the next chapter, we will explore another advanced Neutron service known as Virtual Private Network as a Service, or VPNaaS...