1393745 – We need to refactor our firewall support to include support for restricting access to specific hosts.

Bug 1393745 - We need to refactor our firewall support to include support for restricting access to specific hosts.

Summary: We need to refactor our firewall support to include support for restricting a...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	opstools-ansible
Sub Component:
Version:	10.0 (Newton)
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Lars Kellogg-Stedman
QA Contact:	Leonid Natapov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-10 09:06 UTC by Leonid Natapov
Modified:	2017-11-08 11:41 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-11-08 11:41:11 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Leonid Natapov 2016-11-10 09:06:48 UTC

In order to allow access from -- for example -- kibana to elasticsearch, we need to open the firewall for port 9200. The problem is that we are right now doing that without restriction, which provides unrestricted access to the elasticsearch port from anywhere.

This is obviously undesirable.

We need to refactor our firewall support to include support for restricting access to specific hosts.

Comment 2 Martin Magr 2017-11-08 11:41:11 UTC

Already implemented.

Note You need to log in before you can comment on or make changes to this bug.