neutron_fwaas.conf¶
default_fwg_rules¶
- ingress_action¶
- Type
string
- Default
deny
Firewall group rule action allow or deny or reject for ingress. Default is deny.
- ingress_source_ipv4_address¶
- Type
string
- Default
<None>
IPv4 source address for ingress (address or address/netmask). Default is None.
- ingress_source_ipv6_address¶
- Type
string
- Default
<None>
IPv6 source address for ingress (address or address/netmask). Default is None.
- ingress_source_port¶
- Type
string
- Default
<None>
Source port number or range (min:max) for ingress. Default is None.
- ingress_destination_ipv4_address¶
- Type
string
- Default
<None>
IPv4 destination address for ingress (address or address/netmask). Default is None.
- ingress_destination_ipv6_address¶
- Type
string
- Default
<None>
IPv6 destination address for ingress (address or address/netmask). Default is deny.
- ingress_destination_port¶
- Type
string
- Default
<None>
Destination port number or range (min:max) for ingress. Default is None.
- egress_action¶
- Type
string
- Default
allow
Firewall group rule action allow or deny or reject for egress. Default is allow.
- egress_source_ipv4_address¶
- Type
string
- Default
<None>
IPv4 source address for egress (address or address/netmask). Default is None.
- egress_source_ipv6_address¶
- Type
string
- Default
<None>
IPv6 source address for egress (address or address/netmask). Default is deny.
- egress_source_port¶
- Type
string
- Default
<None>
Source port number or range (min:max) for egress. Default is None.
- egress_destination_ipv4_address¶
- Type
string
- Default
<None>
IPv4 destination address for egress (address or address/netmask). Default is deny.
- egress_destination_ipv6_address¶
- Type
string
- Default
<None>
IPv6 destination address for egress (address or address/netmask). Default is deny.
- egress_destination_port¶
- Type
string
- Default
<None>
Destination port number or range (min:max) for egress. Default is None.
- Type
boolean
- Default
False
Firewall group rule shared. Default is False.
- protocol¶
- Type
string
- Default
<None>
Network protocols (tcp, udp, …). Default is None.
- enabled¶
- Type
boolean
- Default
True
Firewall group rule enabled. Default is True.
quotas¶
- quota_firewall_group¶
- Type
integer
- Default
10
Number of firewall groups allowed per tenant. A negative value means unlimited.
- quota_firewall_policy¶
- Type
integer
- Default
10
Number of firewall policies allowed per tenant. A negative value means unlimited.
- quota_firewall_rule¶
- Type
integer
- Default
100
Number of firewall rules allowed per tenant. A negative value means unlimited.
service_providers¶
- service_provider¶
- Type
multi-valued
- Default
''
Defines providers for advanced services using the format: <service_type>:<name>:<driver>[:default]