This repository has been archived by the owner on Oct 31, 2024. It is now read-only.

tighten up firewall rules for ssh
larsks committed Nov 2, 2018
1 parent 40a6085 commit 7ef757b
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions templates/deploy.yaml
Expand Up @@ -146,10 +146,18 @@ parameter_defaults:

ExtraConfig:
tripleo::firewall::firewall_rules:
'003 accept ssh from provisioning network':
'002 accept ssh from provisioning network ipv4':
dport: 22
proto: 'tcp'
source: 172.16.0.0/22
source: 172.16.0.0/19
'002 accept ssh from vpn network ipv4':
dport: 22
proto: 'tcp'
source: 172.31.224.0/19
'002 reject all other ssh traffic ipv4':
dport: 22
proto: 'tcp'
action: drop
nova::compute::libvirt::libvirt_cpu_mode: host-passthrough

SSLCertificate: |
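
Review bot: The three new entries under tripleo::firewall::firewall_rules all carry the prefix 002, so the two accept rules come ahead of the drop rule only as long as ordering falls back to the rest of the name, where "accept" sorts before "reject"; give the catch-all its own higher number so the order does not depend on the wording and survives a rename. That same rule is named '002 reject all other ssh traffic ipv4' but sets `action: drop`, so either rename it to "drop" or change the action so the name and behaviour agree. The provisioning source also changes from 172.16.0.0/22 to 172.16.0.0/19, which is a wider range under a commit titled "tighten up firewall rules for ssh"; a YAML comment saying what the /19 is meant to cover would make that intent reviewable. All three rule names are marked ipv4 and nothing in the visible lines covers port 22 over IPv6, which is worth confirming is handled elsewhere.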

1 comment on commit 7ef757b

@larsks larsks commented on 7ef757b Nov 3, 2018
