1 heat_template_version: ocata
4 TripleO Firewall settings
9 description: Mapping of service_name -> network name. Typically set
10 via parameter_defaults in the resource registry. This
11 mapping overrides those in ServiceNetMapDefaults.
18 description: Mapping of service endpoint -> protocol. Typically set
19 via parameter_defaults in the resource registry.
23 description: Whether to manage IPtables rules.
27 description: Whether IPtables rules should be purged before setting up the new ones.
32 description: Role data for the TripleO firewall settings
34 service_name: tripleo_firewall
36 tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
37 tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
39 include ::tripleo::firewall
41 - name: blank ipv6 rule before activating ipv6 firewall.
43 shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables
45 creates: /etc/sysconfig/ip6tables.n-o-upgrade