openstack team mailing list archive

Thread
Date

Re: disable security group in essex

To: Kevin Jackson <kevin@xxxxxxxxxxxxxxxxxxx>
From: Kiall Mac Innes <kiall@xxxxxxxxxxxx>
Date: Wed, 21 Nov 2012 14:23:38 +0000
Cc: "openstack@xxxxxxxxxxxxxxxxxxx \(openstack@xxxxxxxxxxxxxxxxxxx\)" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CACbLkcn-rgrJ9z_B7KgXUyOYKvi4ZkQAT8WkL5vkfFvshwFnjQ@mail.gmail.com>

I've never used it - but I believe you can just set the firewall_driver
config var to nova.virt.firewall.NoopFirewallDriver

eg in nova.conf add:

--firewall_driver=nova.virt.firewall.NoopFirewallDriver


Thanks,
Kiall


On Wed, Nov 21, 2012 at 2:14 PM, Kevin Jackson <kevin@xxxxxxxxxxxxxxxxxxx>wrote:

> Hi Ritesh,
> You will need to have enabled some rules - even if you provide rules that
> give carte blanch access to your instances. This is courtesy of the
> 'default' security group - that by design prevents any access and by
> design, is a default if you don't specify any security groups when
> launching instances.
>
> Whilst its easy to say you shouldn't do what you're intending to do and
> relying on perimeter security alone, that is not what you're asking and I'm
> all for choice and learning.
>
> So in your instance:
>
> nova secgroup-add-rule default tcp 0 65536 0.0.0.0/0
> nova secgroup-add-rule default udp 0 65536 0.0.0.0/0
> nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
>
> Note this is the netsec equivalent of doing chmod 777 on a file.
>
> To actually delete groups though
>
> nova secgroup-delete nameOfGroup
>
> Regards,
> Kev
>
>
>  On 21 November 2012 13:45, Ritesh Nanda <riteshnanda09@xxxxxxxxx> wrote:
>
>>  Hello,
>>
>> Is there anyway we can disable security group in nova, as i would be
>> using an external firewall to do that.
>>
>> --
>>
>> * With Regards
>> *
>>
>> * Ritesh Nanda
>> *
>>
>> ***
>> *
>> <http://www.ericsson.com/>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Kevin Jackson
> @itarchitectkev
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

Re: disable security group in essex
From: Ritesh Nanda, 2012-11-22

References

disable security group in essex
From: Ritesh Nanda, 2012-11-21
Re: disable security group in essex
From: Kevin Jackson, 2012-11-21