The FWaaS extension provides OpenStack users with the ability to deploy firewalls to protect their networks. The current features provided by the FWaaS extension are:
Apply firewall rules on traffic entering and leaving tenant networks.
Support for applying tcp, udp, icmp, or protocol agnostic rules.
Creation and sharing of firewall policies which hold an ordered collection of the firewall rules.
Ability to audit firewall rules and policies.
This extension introduces new resources:
firewall: represents a logical firewall resource that a tenant can instantiate and manage. A firewall is associated with one firewall_policy.
firewall_policy: is an ordered collection of firewall_rules. A firewall_policy can be shared across tenants. Thus it can also be made part of an audit workflow wherein the firewall_policy can be audited by the relevant entity that is authorized (and can be different from the tenants which create or use the firewall_policy).
firewall_rule: represents a collection of attributes like ports, ip addresses which define match criteria and action (allow, or deny) that needs to be taken on the matched data traffic.