Add REJECT action rule for fwaas¶
https://blueprints.launchpad.net/neutron/+spec/fwaas-reject-rule
Add REJECT into action rule of FWaaS. Action rule of current FWaaS contains only ALLOW/DENY. DENY simply discards the data without a response, but REJECT returns a response. Connection source by this response can be judged to be “connection was refused”.
Problem Description¶
Action rule of current FWaaS contains only ALLOW/DENY. DENY simply discards the data without a response, but REJECT returns a response. Without REJECT feature, end users cannot know whether their accesses are super late or rejected. This REJECT feature will be a good option for FWaaS.
Proposed Change¶
Add REJECT into action rule of FWaaS. Connection source by this response can be judged to be “connection was refused”.
Data Model Impact¶
The db schema will be changed as below. * add “reject” into action column in firewall_rules table.
REST API Impact¶
Add REJECT into action rule of FWaaS.
| Attribute Name | Type | Access | Default Value | Validation/ Conversion | Description |
|---|---|---|---|---|---|
| action | string | RW, all | ‘deny’ | ‘allow’, ‘deny’, or ‘reject’ | Action rule |
Security Impact¶
None.
Notifications Impact¶
None.
Other End User Impact¶
None.
Performance Impact¶
None.
IPv6 Impact¶
None.
Other Deployer Impact¶
None.
Developer Impact¶
Another project: * Horizon
Community Impact¶
None.
Alternatives¶
None.
Implementation¶
Assignee(s)¶
- Primary assignee:
- Higuchi Toshiaki <higuchi@mxj.nes.nec.co.jp>
Work Items¶
The work items include:
- Implement neutron-fwaas changes.
- Implement python-neutronclient changes for CLI.
- Implement Horizon changes.
Dependencies¶
None.
Testing¶
Tempest Tests¶
Testing will be added to firewall tests.
Functional Tests¶
Scenario tests will be added to validate REJECT action rule of firewall.
API Tests¶
Testing will be added to firewall tests.
Documentation Impact¶
Admin guide will be updated action rule of FWaaS.
User Documentation¶
User guide will be updated action rule of FWaaS.
Developer Documentation¶
None.
References¶
None.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.