Creating a firewall group with policies and 1 interface ports.
The chain of iptables for neutron-l3-agent-FORWARD is:
Chain neutron-l3-agent-FORWARD (1 references)
pkts bytes target prot opt in out source destination
1000K 84M neutron-l3-agent-scope all -- * * 0.0.0.0/0 0.0.0.0/0
31 2596 neutron-l3-agent-iv4c863a246 all -- * qr-82367b84-06 0.0.0.0/0 0.0.0.0/0
31 2596 neutron-l3-agent-ov4c863a246 all -- qr-82367b84-06 * 0.0.0.0/0 0.0.0.0/0
0 0 neutron-l3-agent-fwaas-defau all -- * qr-82367b84-06 0.0.0.0/0 0.0.0.0/0
0 0 neutron-l3-agent-fwaas-defau all -- qr-82367b84-06 * 0.0.0.0/0 0.0.0.0/0
Now add 1 of the ports using:
openstack firewall group set --port <port-id> <fwg>
The chain of iptables for neutron-l3-agent-FORWARD is:
Chain neutron-l3-agent-FORWARD (1 references)
pkts bytes target prot opt in out source destination
1001K 84M neutron-l3-agent-scope all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 neutron-l3-agent-iv4c863a246 all -- * qr-59aa1514-36 0.0.0.0/0 0.0.0.0/0
0 0 neutron-l3-agent-ov4c863a246 all -- qr-59aa1514-36 * 0.0.0.0/0 0.0.0.0/0
0 0 neutron-l3-agent-fwaas-defau all -- * qr-59aa1514-36 0.0.0.0/0 0.0.0.0/0
0 0 neutron-l3-agent-fwaas-defau all -- qr-59aa1514-36 * 0.0.0.0/0 0.0.0.0/0
Thanks for your submission. Would you please provide more details:
1) What is the expected functionality and how the observed functionality is different?
2) What version of FWaaS and Neutron are you using?