Enable firewall by default on the overcloud

We firewall the undercloud, which is only listening on the provisioning network anyway, but our default settings leave the overcloud, which needs to be publicly accessible (for a deployment-specific definition of "public"), wide open. This seems like a bad default. Anyone who is deploying additional services can either open the firewall ports themselves as part of the deployment or can set the ManageFirewall param to false. Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928
2016-05-26 15:02:20 -05:00 · 2016-05-26 15:02:20 -05:00 · 73c76b867d
commit 73c76b867d
parent dc0562cc7f
1 changed files with 1 additions and 1 deletions
--- a/overcloud.yaml
+++ b/overcloud.yaml
@ -411,7 +411,7 @@ parameters:
    description: Template string to be used to generate instance names
    type: string
  ManageFirewall:
-    default: false
+    default: true
    description: Whether to manage IPtables rules.
    type: boolean
  PurgeFirewallRules: