Composable firewall rules

Split out the firewall rules in puppet/hieradata/controller.yaml into the composable services Depends-On: Id370362ab57347b75b1ab25afda877885b047263 Change-Id: Icaecab100d3f278035fbbb3facb9bf6c62c76c03
author: Dan Prince <dprince@redhat.com> 2016-07-20 10:48:23 -0400
committer: Giulio Fidente <gfidente@redhat.com> 2016-07-25 15:24:16 +0200
commit: 5195d7f8910f7d1ce0895caa133b028a727f8622 (patch)
tree: 62ee234150359a79a0134df8dceb1d12a49f11c1 /puppet/services/neutron-dhcp.yaml
parent: f00ed98048a1a24e55dfea64171771ff73216335 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index 5b903eac..1c57aa45 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -28,5 +28,13 @@ outputs:
         map_merge:
           - get_attr: [NeutronBase, role_data, config_settings]
           - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+            tripleo.neutron_dhcp.firewall_rules:
+              '115 neutron dhcp input':
+                proto: 'udp'
+                dport: 67
+              '116 neutron dhcp output':
+                proto: 'udp'
+                chain: 'OUTPUT'
+                dport: 68
       step_config: |
         include tripleo::profile::base::neutron::dhcp
author	Dan Prince <dprince@redhat.com>	2016-07-20 10:48:23 -0400
committer	Giulio Fidente <gfidente@redhat.com>	2016-07-25 15:24:16 +0200
commit	5195d7f8910f7d1ce0895caa133b028a727f8622 (patch)
tree	62ee234150359a79a0134df8dceb1d12a49f11c1 /puppet/services/neutron-dhcp.yaml
parent	f00ed98048a1a24e55dfea64171771ff73216335 (diff)