openstack team mailing list archive

Thread
Date

Re: disable security group in essex

To: Kiall Mac Innes <kiall@xxxxxxxxxxxx>
From: Ritesh Nanda <riteshnanda09@xxxxxxxxx>
Date: Thu, 22 Nov 2012 17:11:55 +0530
Cc: "openstack@xxxxxxxxxxxxxxxxxxx \(openstack@xxxxxxxxxxxxxxxxxxx\)" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAGSj+QvhUx3CH29VPuyYuiDkzOgCgPZDq1yQDBcsYVadbta4iA@mail.gmail.com>

Hey Kevin,

       firewall_driver did'nt worked , libvirt gives error libvirtError:
Network filter not found:, if i specify that flag in nova.conf.

On Wed, Nov 21, 2012 at 7:53 PM, Kiall Mac Innes <kiall@xxxxxxxxxxxx> wrote:

> I've never used it - but I believe you can just set the firewall_driver
> config var to nova.virt.firewall.NoopFirewallDriver
>
> eg in nova.conf add:
>
> --firewall_driver=nova.virt.firewall.NoopFirewallDriver
>
>
> Thanks,
> Kiall
>
>
>
> On Wed, Nov 21, 2012 at 2:14 PM, Kevin Jackson <kevin@xxxxxxxxxxxxxxxxxxx>wrote:
>
>> Hi Ritesh,
>> You will need to have enabled some rules - even if you provide rules that
>> give carte blanch access to your instances. This is courtesy of the
>> 'default' security group - that by design prevents any access and by
>> design, is a default if you don't specify any security groups when
>> launching instances.
>>
>> Whilst its easy to say you shouldn't do what you're intending to do and
>> relying on perimeter security alone, that is not what you're asking and I'm
>> all for choice and learning.
>>
>> So in your instance:
>>
>> nova secgroup-add-rule default tcp 0 65536 0.0.0.0/0
>> nova secgroup-add-rule default udp 0 65536 0.0.0.0/0
>> nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
>>
>> Note this is the netsec equivalent of doing chmod 777 on a file.
>>
>> To actually delete groups though
>>
>> nova secgroup-delete nameOfGroup
>>
>> Regards,
>> Kev
>>
>>
>>  On 21 November 2012 13:45, Ritesh Nanda <riteshnanda09@xxxxxxxxx> wrote:
>>
>>>  Hello,
>>>
>>> Is there anyway we can disable security group in nova, as i would be
>>> using an external firewall to do that.
>>>
>>> --
>>>
>>> * With Regards
>>> *
>>>
>>> * Ritesh Nanda
>>> *
>>>
>>> ***
>>> *
>>> <http://www.ericsson.com/>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>>
>> --
>> Kevin Jackson
>> @itarchitectkev
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>


-- 

* With Regards
*

* Ritesh Nanda
*

***
*
<http://www.ericsson.com/>

References

disable security group in essex
From: Ritesh Nanda, 2012-11-21
Re: disable security group in essex
From: Kevin Jackson, 2012-11-21
Re: disable security group in essex
From: Kiall Mac Innes, 2012-11-21