FWaaS enables users to create and manage firewalls that provide layer 3 and layer 4 filtering at the perimeter of tenant networks connected to Neutron routers. The reference driver uses iptables to implement firewalling within router namespaces. FWaaS is often used as a compliment to security groups as it currently lacks some functionality that security groups provide—most notably, the ability to specify the direction of traffic that should be filtered.

FWaaS saw major improvements in the Kilo release and will continue to improve in releases to come. As of Kilo, FWaaS remains in an experimental status and is not recommended for production use. Be sure to reference the OpenStack Neutron Networking guide found at the following URL for up-to-date ...