Sample neutron_fwaas.conf

This sample configuration can also be viewed in the raw format.

[DEFAULT]


[default_fwg_rules]

#
# From neutron.fwaas
#

# Firewall group rule action allow or deny or reject for ingress. Default is
# deny. (string value)
#ingress_action = deny

# IPv4 source address for ingress (address or address/netmask). Default is
# None. (string value)
#ingress_source_ipv4_address = <None>

# IPv6 source address for ingress (address or address/netmask). Default is
# None. (string value)
#ingress_source_ipv6_address = <None>

# Source port number or range (min:max) for ingress. Default is None. (string
# value)
#ingress_source_port = <None>

# IPv4 destination address for ingress (address or address/netmask). Default is
# None. (string value)
#ingress_destination_ipv4_address = <None>

# IPv6 destination address for ingress (address or address/netmask). Default is
# deny. (string value)
#ingress_destination_ipv6_address = <None>

# Destination port number or range (min:max) for ingress. Default is None.
# (string value)
#ingress_destination_port = <None>

# Firewall group rule action allow or deny or reject for egress. Default is
# allow. (string value)
#egress_action = allow

# IPv4 source address for egress (address or address/netmask). Default is None.
# (string value)
#egress_source_ipv4_address = <None>

# IPv6 source address for egress (address or address/netmask). Default is deny.
# (string value)
#egress_source_ipv6_address = <None>

# Source port number or range (min:max) for egress. Default is None. (string
# value)
#egress_source_port = <None>

# IPv4 destination address for egress (address or address/netmask). Default is
# deny. (string value)
#egress_destination_ipv4_address = <None>

# IPv6 destination address for egress (address or address/netmask). Default is
# deny. (string value)
#egress_destination_ipv6_address = <None>

# Destination port number or range (min:max) for egress. Default is None.
# (string value)
#egress_destination_port = <None>

# Firewall group rule shared. Default is False. (boolean value)
#shared = false

# Network protocols (tcp, udp, ...). Default is None. (string value)
#protocol = <None>

# Firewall group rule enabled. Default is True. (boolean value)
#enabled = true


[quotas]

#
# From neutron.fwaas
#

# Number of firewall groups allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_firewall_group = 10

# Number of firewall policies allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_firewall_policy = 10

# Number of firewall rules allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_firewall_rule = 100


[service_providers]

#
# From neutron.fwaas
#

# Defines providers for advanced services using the format:
# <service_type>:<name>:<driver>[:default] (multi valued)
#service_provider =