After our work with the OpenStack Neutron LBaaS plugin, let's look at another useful plugin, FireWall as a Service (FWaaS). By enabling the FWaaS agent plugin on our network node, we are able to create and manage firewalls through Neutron API calls. There are drivers for many hardware vendors; the following example uses IPTables to provide the firewalling service.

We configure Neutron FWaaS on the nodes running the Neutron L3 agent (this will be the network node if not using Distributed Virtual Routers (DVR), or the compute node if using DVR) and configure Neutron Server API on the controller nodes to pick up the service. We can also expose the FWaaS feature in Horizon on the controller nodes.