FWaaS is a Neutron extension that introduces a Firewall. This firewall requires a
router so for our tutorial we will setup environment.
- private network (we use 10.1.1.0/24 in this tutorial)
- router with external network connectivity
Now we will create a firewall which allows SSH communication with our private network.
First of all, we will create a rule that allows this kind of communication.
After that we can create a firewall policy that includes this rule.
We can select order of rules in case of adding multiple rules – for example we
can deny some kind of a traffic at first and allow the rest after that.
Finally we can create a firewall with our policy.
And in last step we will assign this firewall to our router.
Now we have a firewall that allows SSH traffic to our network to go trough:
Keep in mind that any traffic that has no rule in firewall will be dropped.
Instances behind such firewall will be unreachable even with an ICMP ping.
Last modified: Nov. 7, 2017