Enable firewall by default on the overcloud

We firewall the undercloud, which is only listening on the provisioning network anyway, but our default settings leave the overcloud, which needs to be publicly accessible (for a deployment-specific definition of "public"), wide open. This seems like a bad default. Anyone who is deploying additional services can either open the firewall ports themselves as part of the deployment or can set the ManageFirewall param to false. Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928
author: Ben Nemec <bnemec@redhat.com> 2016-05-26 15:02:20 -0500
committer: Ben Nemec <bnemec@redhat.com> 2016-06-20 13:01:57 -0500
commit: 73c76b867ddc8a23a30b9a3cac4031189d4178c6 (patch)
tree: 968ca6efe2e28efe27d2c6437ddd43131ebe5351
parent: dc0562cc7faff6f7f0876551613e71e35153494d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/overcloud.yaml b/overcloud.yaml
index d8955b9e..60424885 100644
--- a/overcloud.yaml
+++ b/overcloud.yaml
@@ -411,7 +411,7 @@ parameters:
     description: Template string to be used to generate instance names
     type: string
   ManageFirewall:
-    default: false
+    default: true
     description: Whether to manage IPtables rules.
     type: boolean
   PurgeFirewallRules:
author	Ben Nemec <bnemec@redhat.com>	2016-05-26 15:02:20 -0500
committer	Ben Nemec <bnemec@redhat.com>	2016-06-20 13:01:57 -0500
commit	73c76b867ddc8a23a30b9a3cac4031189d4178c6 (patch)
tree	968ca6efe2e28efe27d2c6437ddd43131ebe5351
parent	dc0562cc7faff6f7f0876551613e71e35153494d (diff)