环境声明:

os centos7.2

openstack mitaka


  1. 安装fwaas

yum -y install openstack-neutron-fwaas

2.在neutron里添加fwaas服务

vim /etc/neutron/neutron.conf

[DEFAULT]
service_plugins = router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2,firewall
[service_providers]
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default


3.配置fwaas

vim /etc/neutron/fwaas_driver.ini

[DEFAULT]
[fwaas]
driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True


4.在dashboard中启用

vim /etc/openstack-dashboard/local_settings

OPENSTACK_NEUTRON_NETWORK = {
'enable_firewall': True,
}


5.重启各个服务

systemctl restart httpd.service memcached.service

systemctl restart neutron-server.service

systemctl restart neutron-l3-agent.service