Bug 1393745

Summary: We need to refactor our firewall support to include support for restricting access to specific hosts.
Product: Red Hat OpenStack Reporter: Leonid Natapov <lnatapov>
Component: opstools-ansibleAssignee: Lars Kellogg-Stedman <lars>
Status: CLOSED CURRENTRELEASE QA Contact: Leonid Natapov <lnatapov>
Severity: high Docs Contact:
Priority: unspecified    
Version: 10.0 (Newton)CC: fdinitto, mmagr, oblaut
Target Milestone: ---Keywords: Tracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-08 11:41:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Leonid Natapov 2016-11-10 09:06:48 UTC 
In order to allow access from -- for example -- kibana to elasticsearch, we need to open the firewall for port 9200. The problem is that we are right now doing that without restriction, which provides unrestricted access to the elasticsearch port from anywhere.

This is obviously undesirable.

We need to refactor our firewall support to include support for restricting access to specific hosts.
Comment 2 Martin Magr 2017-11-08 11:41:11 UTC 
Already implemented.