summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBen Nemec <bnemec@redhat.com>2016-05-26 15:02:20 -0500
committerBen Nemec <bnemec@redhat.com>2016-06-20 13:01:57 -0500
commit73c76b867ddc8a23a30b9a3cac4031189d4178c6 (patch)
tree968ca6efe2e28efe27d2c6437ddd43131ebe5351
parentdc0562cc7faff6f7f0876551613e71e35153494d (diff)
Enable firewall by default on the overcloud
We firewall the undercloud, which is only listening on the provisioning network anyway, but our default settings leave the overcloud, which needs to be publicly accessible (for a deployment-specific definition of "public"), wide open. This seems like a bad default. Anyone who is deploying additional services can either open the firewall ports themselves as part of the deployment or can set the ManageFirewall param to false. Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928
-rw-r--r--overcloud.yaml2
1 files changed, 1 insertions, 1 deletions
diff --git a/overcloud.yaml b/overcloud.yaml
index d8955b9e..60424885 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -411,7 +411,7 @@ parameters:
description: Template string to be used to generate instance names
type: string
ManageFirewall:
- default: false
+ default: true
description: Whether to manage IPtables rules.
type: boolean
PurgeFirewallRules: