Version ======= 4.0 on RHEL6.5, puddle 2013-10-03.3 openstack-neutron-2013.2-0.3.3.b3.el6ost, ovs, iptables driver firewall Description =========== Create a firewall rule with the "--disabled" parameter, this parameter is not counter at creation time and the rule is actually created as enabled, only update of the rule with additional command can really change it to disabled. [root@puma10 ~(keystone_admin)]# neutron firewall-rule-create --name "tcp_82_allow_all_all" --destination-port 82 --protocol tcp --action allow --disabled Created a new firewall_rule: +------------------------+--------------------------------------+ | Field | Value | +------------------------+--------------------------------------+ | action | allow | | description | | | destination_ip_address | | | destination_port | 82 | | enabled | True | | firewall_policy_id | | | id | 7fd6c436-1872-4201-a533-bd25e35b29d3 | | ip_version | 4 | | name | tcp_82_allow_all_all | | position | | | protocol | tcp | | shared | False | | source_ip_address | | | source_port | | | tenant_id | 998b938cb25a41a89eb97e0eb324573d | +------------------------+--------------------------------------+
Patch has been merged upstream.
The bug was in the CLI and was fixed u/s. It is not part of Havana but should be available when we do the next re-base