Refactor firewall to listen on only on internal networks
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Fuel for OpenStack |
Incomplete
|
Medium
|
Fuel Documentation Team | ||
Bug Description
https:/
commit 27b086f2123992e
Author: Matthew Mosesohn <email address hidden>
Date: Fri Nov 13 17:38:25 2015 +0300
Refactor firewall to listen on only on internal networks
Refactors firewall rules to create source
based rules that only permit connections
from the management network for most services.
The only services that should have public access
are Horizon and OpenStack APIs. And from those,
nova metadata and nova VNC should only be
accessible internally. All other services should
accept connections from private or storage
networks.
New defined type openstack:
accepts firewall definitions with an array of
source networks.
New function prepare_
of firewall rules coming from an array of source
networks.
Removed unneeded openstack:
Obsoleted openstack:
Sorted parameters on openstack::firewall and added
docstrings
DocImpact: TBD
Change-Id: Ie63c01dcbd0bbd
Closes-Bug: #1514014
| Changed in fuel: | |
| importance: | Undecided → Medium |
| assignee: | nobody → Fuel Documentation Team (fuel-docs) |
| milestone: | none → 8.0 |
| Olga Gusarenko (ogusarenko) wrote | #1 |
| Changed in fuel: | |
| status: | New → Incomplete |
| tags: | added: area-docs |
Requires more investigation on what document it affects.