Bases: object
Firewall Driver base class.
Defines methods that any driver providing security groups and provider firewall functionality should implement.
Apply instance filter.
Once this method returns, the instance should be firewalled appropriately. This method should as far as possible be a no-op. It’s vastly preferred to get everything set up in prepare_instance_filter.
Turn off deferral of IPTables rules and apply the rules now.
Defer application of IPTables rules.
Check that nova-instance-instance-xxx exists.
Prepare filters for the instance. At this point, the instance isn’t running yet.
Refresh security group rules from data store.
Gets called when an instance gets added to or removed from the security group the instance is a member of, or if the group gains or loses a rule.
Refresh common rules for all hosts/instances from data store.
Gets called when a rule has been added to or removed from the list of rules (via admin API).
Refresh security group members from data store.
Gets called when an instance gets added to or removed from the security group.
Refresh security group rules from data store.
Gets called when a rule has been added to or removed from the security group.
Create rules to block spoofing and allow DHCP.
This gets called when spawning an instance, before prepare_instance_filter().
Stop filtering instance.
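The prepare/apply split and the deferral switch described above, as an added stand-alone model that is not nova code. Apart from prepare_instance_filter, the method names do not appear on this page and are assumptions, as are ModelFirewallDriver, spawn_batch and SAMPLE. It shows that a filter prepared while deferral is on is not active until deferral is turned off, so an instance must not start before that point.

```python
class ModelFirewallDriver:
    """Stand-alone model of the driver contract; not nova code."""
    def __init__(self):
        self.staged = {}      # instance id -> rules built by prepare
        self.applied = {}     # instance id -> rules active on the host
        self.deferred = False
        self.apply_calls = 0  # times the full rule set was pushed

    def _apply(self):
        if self.deferred:     # deferral on: keep changes staged only
            return
        self.applied = {k: list(v) for k, v in self.staged.items()}
        self.apply_calls += 1

    def filter_defer_apply_on(self):
        self.deferred = True

    def filter_defer_apply_off(self):
        self.deferred = False  # push everything staged in one pass
        self._apply()

    def prepare_instance_filter(self, instance_id, rules):
        self.staged[instance_id] = list(rules)  # the real work happens here
        self._apply()

    def instance_filter_exists(self, instance_id):
        return instance_id in self.applied

    def apply_instance_filter(self, instance_id):
        # Near no-op: only confirms the prepared filter is really active.
        if not self.instance_filter_exists(instance_id):
            raise RuntimeError("filter for %s not applied" % instance_id)

    def unfilter_instance(self, instance_id):
        self.staged.pop(instance_id, None)
        self._apply()

def spawn_batch(driver, instances):
    """Prepare several instances under one deferral window."""
    driver.filter_defer_apply_on()
    try:
        for instance_id, rules in instances.items():
            driver.prepare_instance_filter(instance_id, rules)
    finally:
        driver.filter_defer_apply_off()
    for instance_id in instances:
        driver.apply_instance_filter(instance_id)
    return driver.apply_calls

SAMPLE = {"inst-a": ["allow tcp/22"], "inst-b": ["allow tcp/443"]}  # constructed
```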
Bases: nova.virt.firewall.FirewallDriver
Driver which enforces security groups through iptables rules.
No-op. Everything is done in prepare_instance_filter.
See FirewallDriver docs.
Bases: object
Firewall driver which just provides no-op methods.