From: Ben Nemec Date: Thu, 26 May 2016 20:02:20 +0000 (-0500) Subject: Enable firewall by default on the overcloud X-Git-Tag: opnfv-6.0.0~1937^2 X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=73c76b867ddc8a23a30b9a3cac4031189d4178c6;p=apex-tripleo-heat-templates.git Enable firewall by default on the overcloud We firewall the undercloud, which is only listening on the provisioning network anyway, but our default settings leave the overcloud, which needs to be publicly accessible (for a deployment-specific definition of "public"), wide open. This seems like a bad default. Anyone who is deploying additional services can either open the firewall ports themselves as part of the deployment or can set the ManageFirewall param to false. Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928 --- diff --git a/overcloud.yaml b/overcloud.yaml index d8955b9e..60424885 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -411,7 +411,7 @@ parameters: description: Template string to be used to generate instance names type: string ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: