1 heat_template_version: pike
4 TripleO Firewall settings
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Role name on which the service is applied
22 description: Parameters specific to the role
26 description: Mapping of service endpoint -> protocol. Typically set
27 via parameter_defaults in the resource registry.
31 description: Whether to manage IPtables rules.
35 description: Whether IPtables rules should be purged before setting up the new ones.
40 description: Role data for the TripleO firewall settings
42 service_name: tripleo_firewall
44 tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
45 tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
47 include ::tripleo::firewall
49 - name: blank ipv6 rule before activating ipv6 firewall.
51 shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables
53 creates: /etc/sysconfig/ip6tables.n-o-upgrade