Hide Forgot
The RH-OSP "Director Installation and Usage" guide has an "Important" section that mentions that ports should be restricted to a minimum in the "Networking Requirements" section. While this is correct, it is probably worth making it very clear that Director does not configure the firewall in a restrictive manner in this same section. There are more details available in the following comment of the bug that we plan to use for hardening Director in a future RH-OSP release: https://bugzilla.redhat.com/show_bug.cgi?id=1227760#c4
Just a consideration here: instead of a documentation fix, would it be worth filing an engineering bug for the Undercloud install config to add that firewall rule automatically?
Hi Nathan, Checking my backlog and found this BZ. I checked the overcloud firewall and it seems more restrictive. In /etc/sysconfig/iptables, all firewall rules for OSP services are listed and at the end is the following rule: -A INPUT -m state --state NEW -m comment --comment "999 drop all ipv4" -j DROP This should drop any incoming packets that do not satisfy the previous rules. Just want to check with you, do we still need a note about the firewall?
No response for several month on this BZ. Closing it down.