TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

63 lines
1.5 KiB

---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_firewall"
# Example rule definition
#
# '003 accept ssh from all':
# proto: 'tcp'
# dport: 22
# '002 remove ssh from all':
# proto: 'tcp'
# dport: 22
# extras:
# ensure: 'absent'
tripleo_firewall_rules: {}
tripleo_firewall_default_rules:
'000 accept related established rules':
proto: all
state:
- RELATED
- ESTABLISHED
'001 accept all icmp':
ipversion: ipv4
proto: icmp
'001 accept all ipv6-icmp':
ipversion: ipv6
proto: ipv6-icmp
'002 accept all to lo interface':
proto: all
interface: lo
'004 accept ipv6 dhcpv6':
ipversion: ipv6
dport: 546
proto: udp
state:
- NEW
destination: 'fe80::/64'
'998 log all':
proto: all
jump: LOG
limit: 20/min
limit_burst: 15
'999 drop all':
proto: all
action: drop