From 7322d60610764f728ce58d4e8a39a6c54c652643 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Thu, 6 Oct 2016 11:18:14 -0400
Subject: Enable firewalling by default on compute nodes

- Move VXLAN and VRRP rules from Neutron Server to the right services.
- Enable Firewall by default on Compute nodes.

Change-Id: I99d172dcedaf6be297aad184cc51fe9f292a57e1
---
 puppet/services/neutron-l3.yaml | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'puppet/services/neutron-l3.yaml')

diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 9e223374..a89e3d75 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -67,5 +67,8 @@ outputs:
           - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
             neutron::agents::l3::router_delete_namespaces: True
             neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode}
+            tripleo.neutron_l3.firewall_rules:
+              '106 neutron_l3 vrrp':
+                proto: vrrp
       step_config: |
         include tripleo::profile::base::neutron::l3
-- 
cgit 1.2.3-korg