opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/iptables/README.rst
James E. Blair 085856e318 Add iptables_extra_allowed_groups 
This adds a new variable for the iptables role that allows us to
indicate all members of an ansible inventory group should have
iptables rules added.

It also removes the unused zuul-executor-opendev group, and some
unused variables related to the snmp rule.

Also, collect the generated iptables rules for debugging.

Change-Id: I48746a6527848a45a4debf62fd833527cc392398
Depends-On: https://review.opendev.org/728952
2020-05-20 13:18:29 -07:00

64 lines
1.5 KiB
ReStructuredText
Raw Blame History

Install and configure iptables
**Role Variables**
.. zuul:rolevar:: iptables_allowed_hosts
:default: []
A list of dictionaries, each item in the list is a rule to add for
a host/port combination. The format of the dictionary is:
.. zuul:rolevar:: hostname
The hostname to allow. It will automatically be resolved, and
the inventory IP address will be added to the firewall.
.. zuul:rolevar:: protocol
One of "tcp" or "udp".
.. zuul:rolevar:: port
The port number.
.. zuul:rolevar:: iptables_allowed_groups
:default: []
A list of dictionaries, each item in the list is a rule to add for
a host/port combination. The format of the dictionary is:
.. zuul:rolevar:: group
The ansible inventory group to add. Every host in the group will
be added to the firewall.
.. zuul:rolevar:: protocol
One of "tcp" or "udp".
.. zuul:rolevar:: port
The port number.
.. zuul:rolevar:: iptables_public_tcp_ports
:default: []
A list of public TCP ports to open.
.. zuul:rolevar:: iptables_public_udp_ports
:default: []
A list of public UDP ports to open.
.. zuul:rolevar:: iptables_rules_v4
:default: []
A list of iptables v4 rules. Each item is a string containing the
iptables command line options for the rule.
.. zuul:rolevar:: iptables_rules_v6
:default: []
A list of iptables v6 rules. Each item is a string containing the
iptables command line options for the rule.
View Git Blame Copy Permalink