A firewall group policy is an ordered collection of firewall rules. A firewall policy can be shared across projects, so it can also be made part of an audit workflow in which the policy is audited by an authorized entity, which can be different from the projects that create or use the firewall group policy.
Network v2

Insert a rule into a given firewall policy

openstack firewall group policy add rule
    [--insert-before <firewall-rule>]
    [--insert-after <firewall-rule>]
    <firewall-policy>
    <firewall-rule>

--insert-before <firewall-rule>
    Insert the new rule before this existing rule (name or ID)

--insert-after <firewall-rule>
    Insert the new rule after this existing rule (name or ID)

firewall-policy
    Firewall policy to insert the rule into (name or ID)

firewall-rule
    Firewall rule to be inserted (name or ID)

This command is provided by the python-neutronclient plugin.

Create a new firewall policy

openstack firewall group policy create
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--prefix PREFIX]
    [--description DESCRIPTION]
    [--audited | --no-audited]
    [--share | --public | --private | --no-share]
    [--project <project>]
    [--project-domain <project-domain>]
    [--firewall-rule <firewall-rule> | --no-firewall-rule]
    <name>

-f <FORMATTER>, --format <FORMATTER>
    The output format, defaults to table

-c COLUMN, --column COLUMN
    Specify the column(s) to include, can be repeated

--max-width <integer>
    Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width
    Fit the table to the display width. Implied if --max-width is greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable.

--print-empty
    Print empty table if there is no data to show.

--noindent
    Whether to disable indenting the JSON

--prefix <PREFIX>
    Add a prefix to all variable names

--description <DESCRIPTION>
    Description of the firewall policy

--audited
    Enable auditing for the policy

--no-audited
    Disable auditing for the policy

--share
    Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project).

--public
    Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and will be removed in the R release.

--private
    Restrict use of the firewall policy to the current project. This option is deprecated and will be removed in the R release.

--no-share
    Restrict use of the firewall policy to the current project

--project <project>
    Owner's project (name or ID)

--project-domain <project-domain>
    Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--firewall-rule <firewall-rule>
    Firewall rule(s) to apply (name or ID)

--no-firewall-rule
    Unset all firewall rules from firewall policy

name
    Name for the firewall policy

This command is provided by the python-neutronclient plugin.

Delete firewall policy(s)

openstack firewall group policy delete
    <firewall-policy>
    [<firewall-policy> ...]

firewall-policy
    Firewall policy(s) to delete (name or ID)

This command is provided by the python-neutronclient plugin.

List firewall policies

openstack firewall group policy list
    [-f {csv,json,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--quote {all,minimal,none,nonnumeric}]
    [--sort-column SORT_COLUMN]
    [--long]

-f <FORMATTER>, --format <FORMATTER>
    The output format, defaults to table

-c COLUMN, --column COLUMN
    Specify the column(s) to include, can be repeated

--max-width <integer>
    Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width
    Fit the table to the display width. Implied if --max-width is greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable.

--print-empty
    Print empty table if there is no data to show.

--noindent
    Whether to disable indenting the JSON

--quote <QUOTE_MODE>
    When to include quotes, defaults to nonnumeric

--sort-column SORT_COLUMN
    Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--long
    List additional fields in output

This command is provided by the python-neutronclient plugin.

Remove a rule from a given firewall policy

openstack firewall group policy remove rule
    <firewall-policy>
    <firewall-rule>

firewall-policy
    Firewall policy to remove the rule from (name or ID)

firewall-rule
    Firewall rule to remove from policy (name or ID)

This command is provided by the python-neutronclient plugin.

Set firewall policy properties

openstack firewall group policy set
    [--description DESCRIPTION]
    [--audited | --no-audited]
    [--share | --public | --private | --no-share]
    [--name <name>]
    [--firewall-rule <firewall-rule>]
    [--no-firewall-rule]
    <firewall-policy>

--description <DESCRIPTION>
    Description of the firewall policy

--audited
    Enable auditing for the policy

--no-audited
    Disable auditing for the policy

--share
    Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project).

--public
    Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and will be removed in the R release.

--private
    Restrict use of the firewall policy to the current project. This option is deprecated and will be removed in the R release.

--no-share
    Restrict use of the firewall policy to the current project

--name <name>
    Name for the firewall policy

--firewall-rule <firewall-rule>
    Firewall rule(s) to apply (name or ID)

--no-firewall-rule
    Remove all firewall rules from firewall policy

firewall-policy
    Firewall policy to update (name or ID)

This command is provided by the python-neutronclient plugin.

Display firewall policy details

openstack firewall group policy show
    [-f {json,shell,table,value,yaml}]
    [-c COLUMN]
    [--max-width <integer>]
    [--fit-width]
    [--print-empty]
    [--noindent]
    [--prefix PREFIX]
    <firewall-policy>

-f <FORMATTER>, --format <FORMATTER>
    The output format, defaults to table

-c COLUMN, --column COLUMN
    Specify the column(s) to include, can be repeated

--max-width <integer>
    Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width
    Fit the table to the display width. Implied if --max-width is greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable.

--print-empty
    Print empty table if there is no data to show.

--noindent
    Whether to disable indenting the JSON

--prefix <PREFIX>
    Add a prefix to all variable names

firewall-policy
    Firewall policy to show (name or ID)

This command is provided by the python-neutronclient plugin.

Unset firewall policy properties

openstack firewall group policy unset
    [--firewall-rule <firewall-rule> | --all-firewall-rule]
    [--audited]
    [--share]
    [--public]
    <firewall-policy>

--firewall-rule <firewall-rule>
    Remove firewall rule(s) from the firewall policy (name or ID)

--all-firewall-rule
    Remove all firewall rules from the firewall policy

--audited
    Disable auditing for the policy

--share
    Restrict use of the firewall policy to the current project

--public
    Restrict use of the firewall policy to the current project. This option is deprecated and will be removed in the R release.

firewall-policy
    Firewall policy to unset (name or ID)

This command is provided by the python-neutronclient plugin.
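
The commands above combined into one workflow, as an added example that is not part of the OpenStack documentation: build a policy whose rule order is explicit, swap a rule without losing its position, and record the audit. The function names are hypothetical, and the script assumes an authenticated openstack client with the python-neutronclient plugin; policy and rule names are supplied by the caller.

```bash
# Added example; function names are hypothetical. Assumes an authenticated
# `openstack` client with the python-neutronclient plugin installed.

# build_ordered_policy <policy> <rule> [<rule> ...]
# Create a private, unaudited policy holding the first rule, then place each
# further rule directly after the previous one, so the final rule order is the
# argument order.
build_ordered_policy() {
    if [ "$#" -lt 2 ]; then
        echo "usage: build_ordered_policy <policy> <rule> [<rule> ...]" >&2
        return 2
    fi
    local policy prev rule
    policy="$1"; prev="$2"; shift 2
    openstack firewall group policy create \
        --no-audited --no-share --firewall-rule "$prev" "$policy" || return 1
    for rule in "$@"; do
        openstack firewall group policy add rule \
            --insert-after "$prev" "$policy" "$rule" || return 1
        prev="$rule"
    done
}

# replace_rule <policy> <old-rule> <new-rule>
# Put the replacement in the old rule's position before removing the old rule,
# so the policy is never left without a rule at that position.
replace_rule() {
    [ "$#" -eq 3 ] || { echo "usage: replace_rule <policy> <old> <new>" >&2; return 2; }
    openstack firewall group policy add rule \
        --insert-before "$2" "$1" "$3" || return 1
    openstack firewall group policy remove rule "$1" "$2"
}

# approve_policy <policy>
# Reviewer step: print the policy for the review record, then mark it audited.
approve_policy() {
    [ "$#" -eq 1 ] || { echo "usage: approve_policy <policy>" >&2; return 2; }
    openstack firewall group policy show -f json "$1" || return 1
    openstack firewall group policy set --audited "$1"
}
```

Source the file and call, for example, build_ordered_policy with the policy name followed by the rules in the order they should be evaluated; approve_policy is meant to be run by the reviewing entity rather than the policy's author.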
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.