From b5f29853ffec779f0576af9ec2d8e95eace2ce32 Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Fri, 23 Feb 2018 06:11:39 +0000 Subject: [PATCH] Revert "Add firewall chain configuration" This reverts commit a1ec856e61532daa49f38683857918fd2cc561aa. This change didn't actually solve the problem so it's best not to continue to carry it. The correct fix is for the issue is https://review.openstack.org/547281. Change-Id: I4e6c5f8a1189d7a134c99b45505e7d33df5c6d89 --- puppet/services/tripleo-firewall.yaml | 16 ---------------- ...rewall-chain-management-cf0b38d533646a08.yaml | 6 ------ 2 files changed, 22 deletions(-) delete mode 100644 releasenotes/notes/firewall-chain-management-cf0b38d533646a08.yaml diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index b5ea0e8fba..b92be457ac 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -38,17 +38,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - FirewallChains: - default: {} - description: > - Firewall chains definitions to manage. The keys of the dictionary must be - in the format "::". When specified, these rules - are merged with { 'FORWARD:filter:IPv4': { 'policy': 'accept' }, - 'FORWARD:filter:IPv6': { 'policy': 'accept' } }. The current available - features 'ensure' Adds or removes a chain (present|absent), 'policy' - Action the packet will performa at the end of the chain (accept|drop|queue|return), - and 'purge' Remove all rules for this change (true|false). - type: json outputs: role_data: @@ -58,11 +47,6 @@ outputs: config_settings: tripleo::firewall::manage_firewall: {get_param: ManageFirewall} tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} - tripleo::firewall::firewall_chains: - map_merge: - - { 'FORWARD:filter:IPv4': { 'policy': 'accept' }, - 'FORWARD:filter:IPv6': { 'policy': 'accept' } } - - {get_param: FirewallChains} step_config: | include ::tripleo::firewall upgrade_tasks: diff --git a/releasenotes/notes/firewall-chain-management-cf0b38d533646a08.yaml b/releasenotes/notes/firewall-chain-management-cf0b38d533646a08.yaml deleted file mode 100644 index bf67ff870e..0000000000 --- a/releasenotes/notes/firewall-chain-management-cf0b38d533646a08.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Adds `FirewallChains` parameter that can be used to manage the defined - firewall chains. By default the FORWARD chain configured to be present - and set to ACCEPT.