summaryrefslogtreecommitdiffstats
path: root/roles/os_firewall
diff options
context:
space:
mode:
authorKenny Woodson <kwoodson@redhat.com>2017-08-10 21:13:54 -0400
committerKenny Woodson <kwoodson@redhat.com>2017-08-10 22:59:48 -0400
commit7d50ffe98dfa17e3fb72627699c794843ed5295d (patch)
tree8292dff0a7ed50f79a728da44f40d3a08b397aaa /roles/os_firewall
parentba96f5eaf876f6b7568ac73794a08cbe759dceee (diff)
downloadopenshift-7d50ffe98dfa17e3fb72627699c794843ed5295d.tar.gz
openshift-7d50ffe98dfa17e3fb72627699c794843ed5295d.tar.bz2
openshift-7d50ffe98dfa17e3fb72627699c794843ed5295d.tar.xz
openshift-7d50ffe98dfa17e3fb72627699c794843ed5295d.zip
Updated README to reflect refactor. Moved firewall initialize into separate file.
Diffstat (limited to 'roles/os_firewall')
-rw-r--r--roles/os_firewall/README.md37
-rw-r--r--roles/os_firewall/defaults/main.yml2
2 files changed, 14 insertions, 25 deletions
diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md
index e7ef544f4..be0b8291a 100644
--- a/roles/os_firewall/README.md
+++ b/roles/os_firewall/README.md
@@ -1,8 +1,8 @@
OS Firewall
===========
-OS Firewall manages firewalld and iptables firewall settings for a minimal use
-case (Adding/Removing rules based on protocol and port number).
+OS Firewall manages firewalld and iptables installation.
+case.
Note: firewalld is not supported on Atomic Host
https://bugzilla.redhat.com/show_bug.cgi?id=1403331
@@ -18,8 +18,6 @@ Role Variables
| Name | Default | |
|---------------------------|---------|----------------------------------------|
| os_firewall_use_firewalld | False | If false, use iptables |
-| os_firewall_allow | [] | List of service,port mappings to allow |
-| os_firewall_deny | [] | List of service, port mappings to deny |
Dependencies
------------
@@ -29,34 +27,27 @@ None.
Example Playbook
----------------
-Use iptables and open tcp ports 80 and 443:
+Use iptables:
```
---
- hosts: servers
- vars:
- os_firewall_use_firewalld: false
- os_firewall_allow:
- - service: httpd
- port: 80/tcp
- - service: https
- port: 443/tcp
- roles:
- - os_firewall
+ task:
+ - include_role:
+ name: os_firewall
+ vars:
+ os_firewall_use_firewalld: false
```
-Use firewalld and open tcp port 443 and close previously open tcp port 80:
+Use firewalld:
```
---
- hosts: servers
vars:
- os_firewall_allow:
- - service: https
- port: 443/tcp
- os_firewall_deny:
- - service: httpd
- port: 80/tcp
- roles:
- - os_firewall
+ tasks:
+ - include_role:
+ name: os_firewall
+ vars:
+ os_firewall_use_firewalld: true
```
License
diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml
index 01859e5fc..f96a80f1c 100644
--- a/roles/os_firewall/defaults/main.yml
+++ b/roles/os_firewall/defaults/main.yml
@@ -3,5 +3,3 @@ os_firewall_enabled: True
# firewalld is not supported on Atomic Host
# https://bugzilla.redhat.com/show_bug.cgi?id=1403331
os_firewall_use_firewalld: "{{ False }}"
-os_firewall_allow: []
-os_firewall_deny: []