Enable firewall by default on the overcloud

We firewall the undercloud, which is only listening on the provisioning network anyway, but our default settings leave the overcloud, which needs to be publicly accessible (for a deployment-specific definition of "public"), wide open. This seems like a bad default. Anyone who is deploying additional services can either open the firewall ports themselves as part of the deployment or can set the ManageFirewall param to false. Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928
6 years ago · 73c76b867d
1 changed files with 1 additions and 1 deletions
--- a/overcloud.yaml
+++ b/overcloud.yaml
@ -411,7 +411,7 @@ parameters:
    description: Template string to be used to generate instance names
    type: string
  ManageFirewall:
-    default: false
+    default: true
    description: Whether to manage IPtables rules.
    type: boolean
  PurgeFirewallRules: