Merge "Move the firewall disable section into a misc section"
commit
286cc05973
@ -125,39 +125,6 @@ connectivity.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
Disabling Next Generation Firewall Tools
|
|
||||||
========================================
|
|
||||||
|
|
||||||
DevStack does not properly operate with modern firewall tools. Specifically
|
|
||||||
it will appear as if the guest VM can access the external network via ICMP,
|
|
||||||
but UDP and TCP packets will not be delivered to the guest VM. The root cause
|
|
||||||
of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
|
|
||||||
firewall manager) apply firewall rules to all interfaces in the system, rather
|
|
||||||
then per-device. One solution to this problem is to revert to iptables
|
|
||||||
functionality.
|
|
||||||
|
|
||||||
To get a functional firewall configuration for Fedora do the following:
|
|
||||||
|
|
||||||
::
|
|
||||||
|
|
||||||
sudo service iptables save
|
|
||||||
sudo systemctl disable firewalld
|
|
||||||
sudo systemctl enable iptables
|
|
||||||
sudo systemctl stop firewalld
|
|
||||||
sudo systemctl start iptables
|
|
||||||
|
|
||||||
|
|
||||||
To get a functional firewall configuration for distributions containing ufw,
|
|
||||||
disable ufw. Note ufw is generally not enabled by default in Ubuntu. To
|
|
||||||
disable ufw if it was enabled, do the following:
|
|
||||||
|
|
||||||
::
|
|
||||||
|
|
||||||
sudo service iptables save
|
|
||||||
sudo ufw disable
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Neutron Networking with Open vSwitch
|
Neutron Networking with Open vSwitch
|
||||||
====================================
|
====================================
|
||||||
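Review bot: removing this section from its place ahead of "Neutron Networking with Open vSwitch" means a reader working through the guide in order no longer meets the firewall caveat before configuring networking, and the symptom it describes (ICMP appears to work while UDP and TCP packets are not delivered to the guest VM) is easy to misdiagnose. Consider leaving a one-line pointer at this position to the relocated section so the warning is still seen before the networking setup.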
@ -301,3 +268,41 @@ For example, with the above configuration, a bridge is
|
|||||||
created, named `br-ex` which is managed by Open vSwitch, and the
|
created, named `br-ex` which is managed by Open vSwitch, and the
|
||||||
second interface on the compute node, `eth1` is attached to the
|
second interface on the compute node, `eth1` is attached to the
|
||||||
bridge, to forward traffic sent by guest VMs.
|
bridge, to forward traffic sent by guest VMs.
|
||||||
|
|
||||||
|
Miscellaneous Tips
|
||||||
|
==================
|
||||||
|
|
||||||
|
|
||||||
|
Disabling Next Generation Firewall Tools
|
||||||
|
----------------------------------------
|
||||||
|
|
||||||
|
DevStack does not properly operate with modern firewall tools. Specifically
|
||||||
|
it will appear as if the guest VM can access the external network via ICMP,
|
||||||
|
but UDP and TCP packets will not be delivered to the guest VM. The root cause
|
||||||
|
of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
|
||||||
|
firewall manager) apply firewall rules to all interfaces in the system, rather
|
||||||
|
then per-device. One solution to this problem is to revert to iptables
|
||||||
|
functionality.
|
||||||
|
|
||||||
|
To get a functional firewall configuration for Fedora do the following:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
sudo service iptables save
|
||||||
|
sudo systemctl disable firewalld
|
||||||
|
sudo systemctl enable iptables
|
||||||
|
sudo systemctl stop firewalld
|
||||||
|
sudo systemctl start iptables
|
||||||
|
|
||||||
|
|
||||||
|
To get a functional firewall configuration for distributions containing ufw,
|
||||||
|
disable ufw. Note ufw is generally not enabled by default in Ubuntu. To
|
||||||
|
disable ufw if it was enabled, do the following:
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
sudo service iptables save
|
||||||
|
sudo ufw disable
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
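Review bot: the relocated paragraph is carried over unchanged, so "rather then per-device" in the added text should read "rather than per-device". In the ufw block, `sudo service iptables save` is repeated from the Fedora steps, but unlike the Fedora block nothing afterwards enables or starts an iptables service, so after `sudo ufw disable` the text does not say what is filtering traffic on the host. Either drop the save line from the ufw steps or state what the saved rules are used for, and say explicitly that these steps leave the host without a firewall manager so the reader can decide what should replace it.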