Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Bug 1305123
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh94 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
Bug 1305123
-
RFE: configure iptables rules on overcloud hosts
Summary:
RFE: configure iptables rules on overcloud hosts
Keywords
:
FutureFeature
Triaged
Status
:
CLOSED WONTFIX
Alias:
None
Product:
Red Hat OpenStack
Classification:
Red Hat
Component:
rhosp-director
Sub Component:
---
Version:
7.0 (Kilo)
Hardware:
Unspecified
OS:
Unspecified
Priority:
high
Severity:
high
Target Milestone:
y3
Target Release
:
7.0 (Kilo)
Assignee:
Angus Thomas
QA Contact:
yeylon@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
1274196
Blocks:
TreeView+
depends on
/
blocked
Reported:
2016-02-05 17:59 UTC by
Omri Hochman
Modified:
2020-08-24 05:26 UTC (
History
)
CC List:
10 users
(
show
)
dbecker
dmacpher
dsneddon
emacchi
kbasil
mburns
morazi
oblaut
rhel-osp-director-maint
srevivo
Fixed In Version:
Doc Type:
Release Note
Doc Text:
OSP 7 does not configure iptables or any other firewall on the overcloud bare metal nodes. It is recommended that the provisioning network be protected with an Access Control List (ACL) that allows outbound traffic from the overcloud nodes for DNS, NTP, and updates, but that inbound access be limited. Since the provisioning network is typically the only routed data path for the compute nodes and storage nodes, this will ensure that the compute and storage nodes are protected. Customers may also wish to configure firwalls for the controller nodes, in order to limit access to the Public APIs. This can be done with either with a firewall in the data path above the controller nodes, or iptables may be configured on the controllers after deployment.
Clone Of:
1274196
Environment:
Last Closed:
2016-02-09 16:23:19 UTC
Target Upstream Version:
Embargoed:
Attachments
(Terms of Use)
Links
System
ID
Private
Priority
Status
Summary
Last Updated
OpenStack gerrit
191195
0
None
MERGED
Implement Advanced Firewalling support
2020-08-24 05:25:45 UTC
Comment 2
Angus Thomas
2016-02-09 16:23:19 UTC
Hi Dan, Please note the OSP director doc text for 7.3 Regards, Angus
Note
You need to
log in
before you can comment on or make changes to this bug.