Do not limit IP prefix for DHCP rule

In case it's needed to limit access to DHCP servers, rules must be
way more complex then this one, since DHCP uses broadcast.

To avoid complexity, let's just avoid defining remote_ip_prefix
that allows egress traffic for DHCP.

Change-Id: I280c064b4d93bcd78092f02a928d5d6dfb4fda68
This commit is contained in:
Dmitriy Rabotyagov 2023-04-19 11:50:46 +02:00
parent c672dc1848
commit 7c46b9460d
1 changed files with 0 additions and 1 deletions

View File

@ -139,7 +139,6 @@
port_range_min: 67
port_range_max: 67
direction: egress
remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
interface: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_security_group_rule