openstack@openstack03:~/Vega$ neutron firewall-policy-list
+--------------------------------------+------+----------------------------------------+
| id | name | firewall_rules |
+--------------------------------------+------+----------------------------------------+
| 7884fb78-1903-4af6-af3f-55e5c7c047c9 | Demo | [d5578ab5-869b-48cb-be54-85ee9f15d9b2] |
| 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | Test | [8679da8d-200e-4311-bb7d-7febd3f46e37, |
| | | 86ce188d-18ab-49f2-b664-96c497318056] |
+--------------------------------------+------+----------------------------------------+
openstack@openstack03:~/Vega$ neutron firewall-rule-list
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
| id | name | firewall_policy_id | summary | enabled |
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
| 8679da8d-200e-4311-bb7d-7febd3f46e37 | DenyOne | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True |
| | | | source: none(none), | |
| | | | dest: 192.168.0.101/32(none), | |
| | | | deny | |
| 86ce188d-18ab-49f2-b664-96c497318056 | AllowAll | 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True |
| | | | source: none(none), | |
| | | | dest: none(none), | |
| | | | allow | |
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
openstack@openstack03:~/Vega$ neutron firewall-create --name Test Demo
Firewall Rule d5578ab5-869b-48cb-be54-85ee9f15d9b2 could not be found.
and the firewall above suspend with status=PENDING_CREATE
openstack@openstack03:~/Vega$ neutron firewall-show Test
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 7884fb78-1903-4af6-af3f-55e5c7c047c9 |
| id | 7c59c7da-ace1-4dfa-8b04-2bc6013dbc0a |
| name | Test |
| status | PENDING_CREATE |
| tenant_id | a0794fca47de4631b8e414beea4bd51b |
+--------------------+--------------------------------------+
more detail steps:
under project A:
1.create firewall policy default(
2.create firewall rule default(
3.update firewall policy(share=true)
under project B:
1.create firewall with shared policy under project A
create firewall fail, and the firewall above suspend with status=