Desc
Although a security group is set, and by default it denies all ingress traffic, the instance can still be pinged and can still provide any other service.
Reference
- According to the official OpenStack guide, in nova.conf, firewall_driver should be set to nova.virt.firewall.NoopFirewallDriver and security_group_api should be set to quantum, or it will cause a conflict.
- In the same material, but in a different section, it seems OK not to modify nova.conf.
- According to an answer on Launchpad, we should set firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver in /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini; however, this only avoids the 404 error from the quantum security-group-* commands.
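A small audit of the three settings quoted above, as an added example that is not part of the original notes or of OpenStack itself. It only compares file contents with the quoted values and does not prove that filtering is enforced; the sample file contents, the [SECURITYGROUP] section name and the function names are assumptions made for illustration.

```python
import re

# Values quoted in the notes above (OpenStack guide and Launchpad answer).
EXPECTED = {
    "nova.conf": {
        "firewall_driver": "nova.virt.firewall.NoopFirewallDriver",
        "security_group_api": "quantum",
    },
    "ovs_quantum_plugin.ini": {
        "firewall_driver": "quantum.agent.linux.iptables_firewall."
                           "OVSHybridIptablesFirewallDriver",
    },
}

# Constructed sample contents; on a real node, read the files from disk instead.
SAMPLE_NOVA = """[DEFAULT]
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
security_group_api = quantum
"""
SAMPLE_OVS = """[SECURITYGROUP]
# firewall_driver is commented out in this sample
# firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
"""

def read_options(text):
    """Collect option -> value, ignoring comments and section headers.
    Simplification: sections are flattened, so the last occurrence wins."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*[=:]\s*(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def audit(name, text):
    """Return (option, expected, actual) for every setting that differs."""
    found = read_options(text)
    return [(opt, want, found.get(opt))
            for opt, want in EXPECTED[name].items() if found.get(opt) != want]

if __name__ == "__main__":
    for name, text in (("nova.conf", SAMPLE_NOVA),
                       ("ovs_quantum_plugin.ini", SAMPLE_OVS)):
        for opt, want, got in audit(name, text):
            print(f"{name}: {opt} is {got!r}, expected {want!r}")
```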
License: (CC 3.0) BY-NC-SA