Bases: object
Firewall Driver base class.
Defines methods that any driver providing security groups and provider firewall functionality should implement. Note that the port attribute should contain the security group ids and the security group rules.
device: interface name
fixed_ips: IPs of the device
mac_address: MAC address of the device
security_groups: [sgid, sgid]
security_group_rules: [rule, rule]
The rule must contain ethertype and direction.
The rule may contain security_group_id, protocol, port_min, port_max, source_ip_prefix, source_port_min, source_port_max, dest_ip_prefix, and remote_group_id.
Note: source_group_ip in the REST API should be converted by this rule:
if direction is ingress, remote_group_ip will be a source_ip_prefix.
Note: remote_group_id in the REST API should be converted by this rule:
if direction is ingress, remote_group_id will be a list of source_ip_prefix.
remote_group_id will also remain for membership update management.
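An added example, not part of quantum.agent.firewall: a check of the port dict contract described above, plus the ingress remote_group_id conversion. The helper names check_port and expand_ingress_remote_group, the sample values, and the choice of emitting one rule per member prefix are assumptions of this example.

```python
# Added example; the helper names and sample data are hypothetical.
PORT_KEYS = {"device", "fixed_ips", "mac_address",
             "security_groups", "security_group_rules"}
RULE_REQUIRED = {"ethertype", "direction"}
RULE_OPTIONAL = {"security_group_id", "protocol", "port_min", "port_max",
                 "source_ip_prefix", "source_port_min", "source_port_max",
                 "dest_ip_prefix", "remote_group_id"}


def check_port(port):
    """Return the contract violations found in a port dict ([] if none)."""
    errors = ["port missing %s" % k for k in sorted(PORT_KEYS - set(port))]
    for i, rule in enumerate(port.get("security_group_rules", [])):
        for k in sorted(RULE_REQUIRED - set(rule)):
            errors.append("rule %d missing %s" % (i, k))
        for k in sorted(set(rule) - RULE_REQUIRED - RULE_OPTIONAL):
            errors.append("rule %d has unknown key %s" % (i, k))
    return errors


def expand_ingress_remote_group(rule, members):
    """Turn an ingress rule's remote_group_id into source_ip_prefix rules.

    members maps a group id to its member prefixes. Assumption: one rule
    is emitted per prefix, and remote_group_id stays on each rule so a
    later membership update can find it. A group with no members yields
    no rule at all, so nothing is allowed by accident.
    """
    gid = rule.get("remote_group_id")
    if rule.get("direction") != "ingress" or gid is None:
        return [dict(rule)]  # only the ingress mapping is covered here
    return [dict(rule, source_ip_prefix=ip) for ip in members.get(gid, [])]


# Constructed sample input.
SAMPLE_PORT = {
    "device": "tap1234", "fixed_ips": ["10.0.0.3"],
    "mac_address": "fa:16:3e:00:00:01", "security_groups": ["sg-web"],
    "security_group_rules": [
        {"ethertype": "IPv4", "direction": "ingress", "protocol": "tcp",
         "port_min": 22, "port_max": 22, "remote_group_id": "sg-admin"},
        {"ethertype": "IPv4", "direction": "egress"},
    ],
}
SAMPLE_MEMBERS = {"sg-admin": ["10.0.0.5/32", "10.0.0.6/32"]}

if __name__ == "__main__":
    print(check_port(SAMPLE_PORT))
    for r in SAMPLE_PORT["security_group_rules"]:
        print(expand_ingress_remote_group(r, SAMPLE_MEMBERS))
```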
Apply port filter.
Once this method returns, the port should be firewalled appropriately. This method should as far as possible be a no-op. It’s vastly preferred to get everything set up in prepare_port_filter.
Defer apply context.
Turn off deferral of rules and apply the rules now
Defer application of filtering rule
Returns filtered ports.
Prepare filters for the port.
This method should be called before the port is created.
Stop filtering port
Refresh security group rules from data store
Gets called when a port gets added to or removed from the security group the port is a member of, or if the group gains or loses a rule.
Bases: quantum.agent.firewall.FirewallDriver
Noop Firewall Driver.
Firewall driver which does nothing. This driver is for disabling the firewall functionality.