1 heat_template_version: pike
4 TripleO Firewall settings
9 description: Dictionary packing service data
13 description: Mapping of service_name -> network name. Typically set
14 via parameter_defaults in the resource registry. This
15 mapping overrides those in ServiceNetMapDefaults.
22 description: Role name on which the service is applied
26 description: Parameters specific to the role
30 description: Mapping of service endpoint -> protocol. Typically set
31 via parameter_defaults in the resource registry.
35 description: Whether to manage IPtables rules.
39 description: Whether IPtables rules should be purged before setting up the new ones.
44 description: Role data for the TripleO firewall settings
46 service_name: tripleo_firewall
48 tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
49 tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
51 include ::tripleo::firewall
53 - name: blank ipv6 rule before activating ipv6 firewall.
55 shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat</dev/null>/etc/sysconfig/ip6tables
57 creates: /etc/sysconfig/ip6tables.n-o-upgrade