neutron_fwaas.conf

default_fwg_rules

ingress_action
Type: string
Default: deny

Firewall group rule action for ingress: allow, deny, or reject. Default is deny.

ingress_source_ipv4_address
Type: string
Default: <None>

IPv4 source address for ingress (address or address/netmask). Default is None.

ingress_source_ipv6_address
Type: string
Default: <None>

IPv6 source address for ingress (address or address/netmask). Default is None.

ingress_source_port
Type: string
Default: <None>

Source port number or range (min:max) for ingress. Default is None.

ingress_destination_ipv4_address
Type: string
Default: <None>

IPv4 destination address for ingress (address or address/netmask). Default is None.

ingress_destination_ipv6_address
Type: string
Default: <None>

IPv6 destination address for ingress (address or address/netmask). Default is None.

ingress_destination_port
Type: string
Default: <None>

Destination port number or range (min:max) for ingress. Default is None.

egress_action
Type: string
Default: allow

Firewall group rule action for egress: allow, deny, or reject. Default is allow.

egress_source_ipv4_address
Type: string
Default: <None>

IPv4 source address for egress (address or address/netmask). Default is None.

egress_source_ipv6_address
Type: string
Default: <None>

IPv6 source address for egress (address or address/netmask). Default is None.

egress_source_port
Type: string
Default: <None>

Source port number or range (min:max) for egress. Default is None.

egress_destination_ipv4_address
Type: string
Default: <None>

IPv4 destination address for egress (address or address/netmask). Default is None.

egress_destination_ipv6_address
Type: string
Default: <None>

IPv6 destination address for egress (address or address/netmask). Default is None.

egress_destination_port
Type: string
Default: <None>

Destination port number or range (min:max) for egress. Default is None.

shared
Type: boolean
Default: False

Firewall group rule shared. Default is False.

protocol
Type: string
Default: <None>

Network protocols (tcp, udp, …). Default is None.

enabled
Type: boolean
Default: True

Firewall group rule enabled. Default is True.

quotas

quota_firewall_group
Type: integer
Default: 10

Number of firewall groups allowed per tenant. A negative value means unlimited.

quota_firewall_policy
Type: integer
Default: 10

Number of firewall policies allowed per tenant. A negative value means unlimited.

quota_firewall_rule
Type: integer
Default: 100

Number of firewall rules allowed per tenant. A negative value means unlimited.
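An added example, not part of the original reference or of the neutron-fwaas code: a small audit that reads a neutron_fwaas.conf body and reports where the default_fwg_rules and quotas options above have been moved away from their documented safe defaults (an ingress action of allow, or a negative quota that lifts the per-tenant limit). The function name audit_fwaas_conf and the sample text are constructed for illustration, and the file is parsed with Python's configparser rather than oslo.config.

```python
import configparser

# Defaults as documented on this page.
DEFAULTS = {
    "ingress_action": "deny",
    "quota_firewall_group": "10",
    "quota_firewall_policy": "10",
    "quota_firewall_rule": "100",
}
SOURCE_KEYS = ("ingress_source_ipv4_address", "ingress_source_ipv6_address")
QUOTA_KEYS = ("quota_firewall_group", "quota_firewall_policy", "quota_firewall_rule")

def audit_fwaas_conf(text):
    """Return (section, option, message) findings for a neutron_fwaas.conf body."""
    # strict=False tolerates repeated keys such as the multi-valued service_provider.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)

    def value(section, option):
        return cp.get(section, option, fallback=DEFAULTS.get(option, "")).strip()

    findings = []
    if value("default_fwg_rules", "ingress_action").lower() == "allow":
        scoped = any(value("default_fwg_rules", k) for k in SOURCE_KEYS)
        msg = ("default ingress action is allow, limited by a configured source address"
               if scoped else "default ingress action is allow with no source address")
        findings.append(("default_fwg_rules", "ingress_action", msg))
    for option in QUOTA_KEYS:
        raw = value("quotas", option)
        try:
            if int(raw) < 0:
                findings.append(("quotas", option, "negative value: unlimited per tenant"))
        except ValueError:
            findings.append(("quotas", option, "not an integer: %r" % raw))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """
[default_fwg_rules]
ingress_action = allow
[quotas]
quota_firewall_group = -1
[service_providers]
service_provider = <service_type>:<name>:<driver>:default
service_provider = <service_type>:<name>:<driver>
"""

if __name__ == "__main__":
    print(*audit_fwaas_conf(SAMPLE), sep="\n")
```

Options absent from the file are evaluated at the defaults listed on this page, so an empty file produces no findings.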

service_providers

service_provider
Type: multi-valued
Default: ''

Defines providers for advanced services using the format: <service_type>:<name>:<driver>[:default]