Browse Source

Avoid dangling firewall rule for ssh access

Change Ie548f7216610e15af24c96f65a58cc8de603235c introduced a new
parameter, SshFirewallAllowAll, set to True by default.
This parameter allows to add a generic firewall rule allowing, as
its name states, world access to the SSH service.

Until now, if someone changes his mind and decides to deactivate
this opening, the rule will not be removed, although the operator
sets the variable to False.

This patch intends to reflect the operator will regarding ssh access.

Change-Id: I1b4e23b602cf9c41ce6f9a1b602359d7aa7224c0
changes/68/632468/1
Cédric Jeanneret 2 years ago
parent
commit
13ec67a3aa
1 changed files with 6 additions and 1 deletions
  1. +6
    -1
      deployment/sshd/sshd-baremetal-puppet.yaml

+ 6
- 1
deployment/sshd/sshd-baremetal-puppet.yaml View File

@ -87,7 +87,12 @@ outputs:
'003 accept ssh from all':
proto: 'tcp'
dport: 22
- null
- tripleo::sshd::firewall_rules:
'003 accept ssh from all':
proto: 'tcp'
dport: 22
extras:
ensure: 'absent'
step_config: |
include ::tripleo::profile::base::sshd

Loading…
Cancel
Save