I have set my model config Firewall Mode to instance, but it seems that none of the machines / lxd deployed by juju have any firewall rules applied. Any suggestions ?


What could is this on @soumplis? I’ve not tweaked this setting but it seems that it’s really something that varies from provider to provider. In particular, the setting seems to mostly apply to AWS and OpenStack.

Juju doesn’t deploy/manage a firewall where the cloud doesn’t already come with that baked in so perhaps this is something that’s not clear and causing confusion?


Hmmm, interesting clarification. Reading the documentation and especially the model config option firewall-mode, the juju commands list-firewall-rules and set-firewall-rule and also the description of the “expose” option for various charms, I thought that juju could manage natively the firewall on machines deployed by juju.

So, I should manage the hosts firewalling outside of Juju, right ? If that’s the case then I don’t quite understand the actual reason of existence of the juju firewall commands and the expose function :slight_smile:


On cloud platforms like AWS, GCE, Openstack, the instances come with a built in firewall API. These config and settings allow charms to specify how they need those adjusted and Juju enables that as part of state.

In places where there’s not a native firewall API to speak to, MAAS, LXD, manual provider, then firewalling is up to the operator and the Juju functionality doesn’t have any impact.