6fb4a728ca
This commit adds a Firewall-as-a-Service v2[1] CLI usage. [1]http://specs.openstack.org/openstack/neutron-specs/specs/newton/fwaas-api-2.0.html Change-Id: Ib271acad29229d78beebc2f1c2bd285c630768df Partial-Implements: blueprint fwaas-api-2.0 Related-Bug: #1609686
5.8 KiB
firewall group policy
A firewall group policy is an ordered collection of firewall rules. A firewall policy can be shared across projects. Thus it can also be made part of an audit workflow wherein the firewall_policy can be audited by the relevant entity that is authorized (and can be different from the projects which create or use the firewall group policy).
Network v2
firewall group policy create
Create a firewall policy for a given project
firewall group policy create
openstack firewall group policy create
Name for the firewall policy.--enable
Enable firewall policy (default).
--disable
Disable firewall policy.
--public
Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project).
--private
Restrict use of the firewall policy to the current project.
--project <project>
Owner's project (name or ID).
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--description <description>
A description of the firewall policy.
--firewall-rule <firewall-rule>
Firewall rule(s) to apply (name or ID).
--no-firewall-rule
Remove all firewall rules from the firewall policy.
--audited
Enable auditing for the policy.
--no-audited
Disable auditing for the policy.
firewall group policy delete
Delete a given firewall policy
firewall group policy delete
openstack firewall group policy delete
<firewall-policy> [<firewall-policy> ...]
Firewall policy(s) to delete (name or ID).firewall group policy list
List all firewall policies
firewall group policy list
openstack firewall group policy list
[--long]--long
List additional fields in output.
firewall group policy set
Set firewall policy properties
firewall group policy set
openstack firewall group policy set
Firewall policy to set (name or ID).--name <name>
Set firewall policy name.
--enable
Enable firewall policy (default).
--disable
Disable firewall policy.
--public
Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project).
--private
Restrict use of the firewall policy to the current project.
--project <project>
Owner's project (name or ID).
--project-domain <project-domain>
Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.
--description <description>
A description of the firewall policy.
--firewall-rule <firewall-rule>
Firewall rule(s) to apply (name or ID).
--no-firewall-rule
Unset all firewall rules from firewall policy.
--audited
Enable auditing for the policy.
--no-audited
Disable auditing for the policy.
firewall group policy show
Show information of a given firewall policy
firewall group policy show
openstack firewall group policy show
<firewall-policy>
Firewall policy to display (name or ID).firewall group policy unset
Unset firewall policy properties
firewall group policy unset
openstack firewall group policy unset
Firewall policy to unset (name or ID).--enable
Disable firewall policy.
--public
Restrict use of the firewall policy to the current project.
--firewall-rule <firewall-rule>
Firewall rule(s) to unset (name or ID).
--all-firewall-rule
Remove all firewall rules from the firewall policy.
--audited
Disable auditing for the policy.
firewall group policy add rule
Adds a firewall rule in a firewall policy relative to the position of other rules.
firewall group policy add rule
openstack firewall group policy add rule
<firewall-policy>
<firewall-rule>
Firewall policy to add rule (name or ID).<firewall-rule>
Firewall rule to be inserted (name or ID).
--insert-after <firewall-rule>
Insert the new rule after this existing rule (name or ID).
--insert-before <firewall-rule>
Insert the new rule before this existing rule (name or ID).
firewall group policy remove rule
Removes a firewall rule from a firewall policy.
firewall group policy remove rule
openstack firewall group policy remove rule
<firewall-policy>
<firewall-rule>
Firewall policy to remove rule (name or ID).<firewall-rule>
Firewall rule to remove from policy (name or ID).