Major Hayden d8946874c8 V-3851{1,2,3}, V-38686: IPv4 security controls
Mainly a documentation commit with one special case and three exceptions.

Implements: blueprint security-hardening

Change-Id: Ib9607f6df8aaed63b494a7f87af33cb7d3117f1d
2015-10-14 13:43:37 +00:00

424 B

Exception

Although a minimal set of iptables rules are configured on openstack-ansible hosts, the "deny all" requirement of the STIG is not met. This is largely left up to the deployer to do, based on their assessment of their own network segmentation.

Deployers are urged to review the network access controls that are applied on the network devices between their OpenStack environment and the rest of their network.