Request firewall-control to openstack-network-agents

gboutry · February 16, 2026, 9:16am

name: openstack-network-agents
description: OpenStack Network agents is a snap which goal is to communicate with MicroOVN to create network bridges and plug network interfaces to that bridge.
snapcraft: snap-openstack-network-agents/snap/snapcraft.yaml at main · canonical/snap-openstack-network-agents · GitHub
upstream: GitHub - canonical/snap-openstack-network-agents
upstream-relation: The parts needing these permissions are self hosted in the snap
interfaces:
- firewall-control:
  - request-type: auto-connection
  - reasoning: Features are being migrated for the snap-openstack-hypervisor to allow managing external networks in a dedicated snap. When the user chooses to manage the external network in local connectivity (when the user does not have an extra nic and is fine with that setup), the snap will assign an external bridge address on the nic, and add a firewall rule. (also remove on cleanup / switch to remote connectivity).

The rule managed by the snap is: POSTROUTING -w -t nat -s $ext_subnet, -j “MASQUERADE”, -m comment --comment “openstack-hypervisor external network rule”

(the name openstack-hypervisor is kept for backward compatibility)

store-requests-bot · February 16, 2026, 9:16am

This request has been added to the queue for review by the @reviewers team.

yomonokio · February 17, 2026, 3:34pm

Hello @gboutry!

Given the snap functionality, this is a +1 (#voteFor) from my side, for auto-connecting firewall-control to the openstack-network-agents snap!

elisehdy · February 19, 2026, 1:05am

Hello! Thanks for the detailed request.

This is a +1(#voteFor) for auto-connecting the firewall-control interface for openstack-network-agents given the context and described functionality.

gboutry · February 19, 2026, 8:15am

Thank you both, can this be fast tracked then?

Given it’s a permissions that was already granted for openstack-hypervisor, and we’re migrating these functionalities away in a snap with clear defined purposes?

shishirsub10 · February 20, 2026, 2:46am

+1(#voteFor) from me to grant openstack-network-agents auto-connection to firewall-control interface.

store-requests-bot · February 23, 2026, 12:00am

Voting period has ended. This request is approved with 3 votes for and 0 votes against.

0xnishit · February 25, 2026, 11:50am

Granted autoconnection to the firewall-control interface, this is now live (#approve)