author | Kenny Woodson <kwoodson@redhat.com> | 2017-08-10 21:13:54 -0400 |
---|---|---|
committer | Kenny Woodson <kwoodson@redhat.com> | 2017-08-10 22:59:48 -0400 |
commit | 7d50ffe98dfa17e3fb72627699c794843ed5295d (patch) | |
tree | 8292dff0a7ed50f79a728da44f40d3a08b397aaa /roles/os_firewall | |
parent | ba96f5eaf876f6b7568ac73794a08cbe759dceee (diff) | |
Updated README to reflect refactor. Moved firewall initialize into separate file.
Diffstat (limited to 'roles/os_firewall')
-rw-r--r-- | roles/os_firewall/README.md | 37 | ||||
-rw-r--r-- | roles/os_firewall/defaults/main.yml | 2 |
2 files changed, 14 insertions, 25 deletions
diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md index e7ef544f4..be0b8291a 100644 --- a/roles/os_firewall/README.md +++ b/roles/os_firewall/README.md @@ -1,8 +1,8 @@ OS Firewall =========== -OS Firewall manages firewalld and iptables firewall settings for a minimal use -case (Adding/Removing rules based on protocol and port number). +OS Firewall manages firewalld and iptables installation. +case. Note: firewalld is not supported on Atomic Host https://bugzilla.redhat.com/show_bug.cgi?id=1403331 @@ -18,8 +18,6 @@ Role Variables | Name | Default | | |---------------------------|---------|----------------------------------------| | os_firewall_use_firewalld | False | If false, use iptables | -| os_firewall_allow | [] | List of service,port mappings to allow | -| os_firewall_deny | [] | List of service, port mappings to deny | Dependencies ------------ @@ -29,34 +27,27 @@ None. Example Playbook ---------------- -Use iptables and open tcp ports 80 and 443: +Use iptables: ``` --- - hosts: servers - vars: - os_firewall_use_firewalld: false - os_firewall_allow: - - service: httpd - port: 80/tcp - - service: https - port: 443/tcp - roles: - - os_firewall + task: + - include_role: + name: os_firewall + vars: + os_firewall_use_firewalld: false ``` -Use firewalld and open tcp port 443 and close previously open tcp port 80: +Use firewalld: ``` --- - hosts: servers vars: - os_firewall_allow: - - service: https - port: 443/tcp - os_firewall_deny: - - service: httpd - port: 80/tcp - roles: - - os_firewall + tasks: + - include_role: + name: os_firewall + vars: + os_firewall_use_firewalld: true ``` License diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml index 01859e5fc..f96a80f1c 100644 --- a/roles/os_firewall/defaults/main.yml +++ b/roles/os_firewall/defaults/main.yml 
@@ -3,5 +3,3 @@ os_firewall_enabled: True # firewalld is not supported on Atomic Host # https://bugzilla.redhat.com/show_bug.cgi?id=1403331 os_firewall_use_firewalld: "{{ False }}" -os_firewall_allow: [] -os_firewall_deny: [] |
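Review bot: In the first README.md hunk (@@ -1,8 +1,8 @@) the added line `+case.` is a leftover fragment of the deleted sentence, so the intro now reads "OS Firewall manages firewalld and iptables installation." followed by a stray "case." on its own line. Drop that added line so the description is a single complete sentence.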
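Review bot: The Role Variables hunk (@@ -18,8 +18,6 @@) removes the `os_firewall_allow` and `os_firewall_deny` rows without saying what replaces them. The new intro limits the role to installation, so anyone who still sets these variables gets no indication from the README that they are no longer listed for this role. Add a short note stating that port allow/deny rules are no longer handled here and naming where they are configured after the refactor, which matters most for `os_firewall_deny` entries that were meant to keep a port closed.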
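Review bot: In the Example Playbook hunk (@@ -29,34 +27,27 @@) the iptables example adds `+ task:` where the firewalld example uses `+ tasks:`; `task` is not a play keyword, so the first example will not run as written and should read `tasks:`. The firewalld example also keeps the play-level `vars:` line as context with every entry under it removed, leaving an empty key directly above `tasks:`; remove it so both examples have the same shape.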
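Review bot: The defaults/main.yml hunk (@@ -3,5 +3,3 @@) deletes the `[]` defaults for `os_firewall_allow` and `os_firewall_deny`, so any task or template that still references either name will now see an undefined variable instead of an empty list. Nothing in this diff shows those references being removed under roles/os_firewall, so please confirm none remain there or in roles that depend on it before this lands.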