環境聲明:
os centos7.2
openstack mitaka
安裝fwaas
yum -y install openstack-neutron-fwaas
2.在neutron裏添加fwaas服務
vim /etc/neutron/neutron.conf
[DEFAULT] service_plugins = router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2,firewall [service_providers] service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
3.配置fwaas
vim /etc/neutron/fwaas_driver.ini
[DEFAULT] [fwaas] driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver enabled = True
4.在dashboard中啓用
vim /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
'enable_firewall': True,
}5.重啓各個服務
systemctl restart httpd.service memcached.service
systemctl restart neutron-server.service
systemctl restart neutron-l3-agent.service