Assign the cloud firewall to the cloud router port and disconnect from the port
Assign the cloud firewall to the cloud router port and disconnect from the port
Assign a firewall to a router port
You cannot assign more than one firewall to a single router port.
carefully
Inbound and outbound traffic that is not allowed in the cloud firewall rules will be denied on the cloud router port. Active sessions on the router will be interrupted, which cannot be set by the new rules.
Control panel
OpenStack CLI
- В control panels go to Cloud platform → Firewalls.
- Open the firewall page → tab Ports.
- Click Assign to port.
- Select the private subnet connected to the cloud router for which you want to configure traffic filtering.
- Click Assign to port.
- Click Assign.
-
Assign a firewall to the router port:
openstack firewall group set --port <router_port> <firewall>Specify:
<router_port>— The ID or port name of the router to which the firewall will be assigned. You can view the list using the commandopenstack port list. To assign a firewall to more than one router port, list their names or IDs separated by a space;<firewall>— ID or name of the firewall. You can view the list using the commandopenstack firewall group list.
Disconnect the firewall from the router port
carefully
Cloud firewall rules will no longer apply — all inbound and outbound traffic that passes through the cloud router port will be allowed.
Control panel
OpenStack CLI
- В control panels go to Cloud platform → Firewalls.
- Open the firewall page → tab Ports.
- On the router's port bar, click .
- Click Disconnect.
-
Disconnect the firewall from the router port:
openstack firewall group unset --port <router_port> <firewall>Specify:
<router_port>— ID or port name of the router from which the firewall will be disconnected. The list can be viewed using the commandopenstack port list;<firewall>— ID or name of the firewall. You can view the list using the commandopenstack firewall group list.