d8946874c8
Mainly a documentation commit with one special case and three exceptions. Implements: blueprint security-hardening Change-Id: Ib9607f6df8aaed63b494a7f87af33cb7d3117f1d
424 B
424 B
Exception
Although a minimal set of iptables rules are configured on openstack-ansible hosts, the "deny all" requirement of the STIG is not met. This is largely left up to the deployer to do, based on their assessment of their own network segmentation.
Deployers are urged to review the network access controls that are applied on the network devices between their OpenStack environment and the rest of their network.