# Pastebin ZLlF35KN stack@octavia:~/devstack$ openstack firewall group rule create --protocol icmp --action deny +------------------------+--------------------------------------+ | Field | Value | +------------------------+--------------------------------------+ | Action | deny | | Description | | | Destination IP Address | None | | Destination Port | None | | Enabled | True | | ID | 3496bd65-7214-40f6-983b-760ba691c343 | | IP Version | 4 | | Name | | | Project | 5362ea18e6114fe782933241fab72390 | | Protocol | icmp | | Shared | False | | Source IP Address | None | | Source Port | None | | firewall_policy_id | None | | project_id | 5362ea18e6114fe782933241fab72390 | +------------------------+--------------------------------------+ stack@octavia:~/devstack$ openstack firewall group policy create --firewall-rule 3496bd65-7214-40f6-983b-760ba691c343 test-icmp-deny +----------------+-------------------------------------------+ | Field | Value | +----------------+-------------------------------------------+ | Audited | False | | Description | | | Firewall Rules | [u'3496bd65-7214-40f6-983b-760ba691c343'] | | ID | b59b3e4d-9c10-4f3f-90ed-78e0c0ef2980 | | Name | test-icmp-deny | | Project | 5362ea18e6114fe782933241fab72390 | | Shared | False | | project_id | 5362ea18e6114fe782933241fab72390 | +----------------+-------------------------------------------+ stack@octavia:~/devstack$ openstack firewall group create --ingress-firewall-policy b59b3e4d-9c10-4f3f-90ed-78e0c0ef2980 --port 22b1f02f-17c3-43dd-a015-95f50952b0df +-------------------+-------------------------------------------+ | Field | Value | +-------------------+-------------------------------------------+ | Description | | | Egress Policy ID | None | | ID | b7b1dc5c-9b50-4e44-a194-05b48632b6f5 | | Ingress Policy ID | b59b3e4d-9c10-4f3f-90ed-78e0c0ef2980 | | Name | | | Ports | [u'22b1f02f-17c3-43dd-a015-95f50952b0df'] | | Project | 5362ea18e6114fe782933241fab72390 | | Shared | False | | State | UP | | Status | PENDING_CREATE | | project_id | 5362ea18e6114fe782933241fab72390 | +-------------------+-------------------------------------------+ stack@octavia:~/devstack$ ping 172.24.4.5 PING 172.24.4.5 (172.24.4.5) 56(84) bytes of data. 64 bytes from 172.24.4.5: icmp_seq=1 ttl=63 time=10.1 ms 64 bytes from 172.24.4.5: icmp_seq=2 ttl=63 time=0.456 ms 64 bytes from 172.24.4.5: icmp_seq=3 ttl=63 time=0.468 ms ^C --- 172.24.4.5 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.456/3.697/10.168/4.575 ms stack@octavia:~/devstack$ openstack floating ip list +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project | +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+ | 144e5f26-9d1a-4b49-8b22-0440087b6ced | 172.24.4.5 | 10.0.0.5 | 22b1f02f-17c3-43dd-a015-95f50952b0df | e4eb23a1-ab24-4c59-bfff-d64bbd1a77d0 | 5362ea18e6114fe782933241fab72390 | +--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+