From 90e512386b98ca86fa57f02709a2fccbbe1c063d Mon Sep 17 00:00:00 2001
From: Jakub Libosvar <libosvar@redhat.com>
Date: Tue, 1 Sep 2015 15:50:48 +0000
Subject: [PATCH] Open vSwitch conntrack based firewall driver

This firewall requires OVS 2.5+ version supporting conntrack and kernel
conntrack datapath support (kernel>=4.3). For more information, see
https://github.com/openvswitch/ovs/blob/master/FAQ.md

As part of this new entry points for current reference firewalls were
added.

Configuration:
in openvswitch_agent.ini:
    - in securitygroup section set firewall_driver to openvswitch

DocImpact
Closes-bug: #1461000

Co-Authored-By: Miguel Angel Ajo Pelayo <mangelajo@redhat.com>
Co-Authored-By: Amir Sadoughi <amir.sadoughi@rackspace.com>

Change-Id: I13e5cda8b5f3a13a60b14d80e54f198f32d7a529
---
 setup.cfg | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/setup.cfg b/setup.cfg
index 922a3e58..b3b93487 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -147,6 +147,11 @@ neutron.interface_drivers =
     linuxbridge = neutron.agent.linux.interface:BridgeInterfaceDriver
     null = neutron.agent.linux.interface:NullDriver
     openvswitch = neutron.agent.linux.interface:OVSInterfaceDriver
+neutron.agent.firewall_drivers =
+    noop = neutron.agent.firewall:NoopFirewallDriver
+    iptables = neutron.agent.linux.iptables_firewall:IptablesFirewallDriver
+    iptables_hybrid = neutron.agent.linux.iptables_firewall:OVSHybridIptablesFirewallDriver
+    openvswitch = neutron.agent.linux.openvswitch_firewall:OVSFirewallDriver
 
 [build_sphinx]
 all_files = 1