From 1143f7e45fd2760b8d5fecc8fbd598078ba92fd3 Mon Sep 17 00:00:00 2001
From: Jeff Peeler <jpeeler@redhat.com>
Date: Thu, 31 Oct 2013 16:21:52 -0400
Subject: [PATCH] Turn off Nova firewall driver when using Neutron

As referenced in the OpenStack documentation, the firewall_driver in
nova.conf should be set to nova.virt.firewall.NoopFirewallDriver, "so
that nova-compute does not perform iptables-based filtering itself".

Without this change, the driver gets set to
nova.virt.libvirt.firewall.IptablesFirewallDriver, which seems to
make networking unusable.

Change-Id: Id9cce0f5f4efe719683aaf3284b128188b61b919
Closes-bug: #1246888
---
 lib/neutron | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/neutron b/lib/neutron
index 9834b59f66..098a589592 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -272,6 +272,7 @@ function create_nova_conf_neutron() {
 
     if [[ "$Q_USE_SECGROUP" == "True" ]]; then
         LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
+        iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
         iniset $NOVA_CONF DEFAULT security_group_api neutron
     fi