neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.l2.openvswitch_firewall.firewall.
FWGPortMap
¶Bases: object
create_port
(port, port_dict)¶delete_fwg
(fwg_id)¶get_fwg
(fwg_id)¶get_or_create_fwg
(fwg_id)¶remove_port
(port)¶update_members
(fwg_id, members)¶update_port
(port, port_dict)¶update_rules
(fwg_id, ingress_rules, egress_rules)¶neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.l2.openvswitch_firewall.firewall.
FirewallGroup
(id_)¶Bases: object
get_ethertype_filtered_addresses
(ethertype, exclude_addresses=None)¶update_rules
(ingress_rules, egress_rules)¶Update firewall group with ingress/egress rules.
If a rule has a protocol field, it is normalized to a number here in order to ease later processing.
neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.l2.openvswitch_firewall.firewall.
OFPort
(port_dict, ovs_port, vlan_tag)¶Bases: object
all_allowed_macs
¶ipv4_addresses
¶ipv6_addresses
¶update
(port_dict)¶neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.l2.openvswitch_firewall.firewall.
OVSFirewallDriver
(agent_api, sg_with_ovs=False)¶REQUIRED_PROTOCOLS
= ['OpenFlow10', 'OpenFlow11', 'OpenFlow12', 'OpenFlow13', 'OpenFlow14']¶add_flows_from_rules
(port)¶create_firewall_group
(ports_for_fwg, firewall_group)¶Called when a firewall group is created.
create_rules_generator_for_port
(port)¶Returns a generator emitting rules valid for further processing
Injects necessary fields to feed one-by-one to rules module to transform into valid openflow rules.
delete_all_port_flows
(port)¶Delete all flows for given port
delete_firewall_group
(ports_for_fwg, firewall_group)¶Called when a firewall group is deleted.
filter_defer_apply_off
()¶Turn off deferral of rules and apply the rules now.
filter_defer_apply_on
()¶Defer application of filtering rule.
get_ofport
(port)¶get_or_create_ofport
(port)¶Get ofport specified by port[‘device’], checking and reflecting ofport changes. If ofport is nonexistent, create and return one.
get_ovs_port
(port_id)¶initialize_bridge
(int_br)¶initialize_port_flows
(port)¶Set base flows for port
Parameters: | port – OFPort instance |
---|
is_port_managed
(port)¶ports
¶prepare_port_filter
(port)¶process_trusted_ports
(ports)¶Pass packets from these ports directly to ingress pipeline.
provides_arp_spoofing_protection
= True¶remove_port_filter
(port)¶Remove port from firewall
All flows related to this port are removed from ovs. Port is also removed from ports managed by this firewall.
remove_trusted_ports
(port_ids)¶update_firewall_group
(ports_for_fwg, firewall_group)¶Called when a firewall group is updated.
update_firewall_group_rules
(fwg_id, ingress_rules, egress_rules)¶update_port_filter
(port)¶Update rules for given port
Current existing filtering rules are removed and new ones are generated based on current loaded firewall group rules and members.
Note: port no security should be handled by security group in co-existence mode, otherwise fwg will handle it.
neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.l2.openvswitch_firewall.firewall.
create_reg_numbers
(flow_params)¶Replace reg_(port|net) values with defined register numbers
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.