Enabling FWaaS
To enable FWaaS, some changes must be made to the Neutron configuration files on the network and controller nodes. In this environment, the controller serves as the network node. No dedicated agent is needed to implement FWaaS, as the existing Neutron L3 agent handles all firewall functionality.
Configuring the firewall driver
Neutron stores the FWaaS driver configuration in the /etc/neutron/fwaas_driver.ini file. The most common configuration options will be covered in the following sections.
Defining a device driver
To manage a firewall, Neutron must be configured to use a device driver that provides the interface between the Neutron API and the programming of the service or device.
On the controller node, enable FWaaS and define the iptables device driver in the FWaaS driver configuration file, as follows:
[fwaas]
...
enabled = true
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
Configuring Neutron
In addition to configuring the...