From 73c76b867ddc8a23a30b9a3cac4031189d4178c6 Mon Sep 17 00:00:00 2001 From: Ben Nemec Date: Thu, 26 May 2016 15:02:20 -0500 Subject: [PATCH] Enable firewall by default on the overcloud We firewall the undercloud, which is only listening on the provisioning network anyway, but our default settings leave the overcloud, which needs to be publicly accessible (for a deployment-specific definition of "public"), wide open. This seems like a bad default. Anyone who is deploying additional services can either open the firewall ports themselves as part of the deployment or can set the ManageFirewall param to false. Change-Id: I3731a0a7bc4be94c8e7a289c90d304599634e928 --- overcloud.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overcloud.yaml b/overcloud.yaml index d8955b9ed8..60424885b8 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -411,7 +411,7 @@ parameters: description: Template string to be used to generate instance names type: string ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: