csa/devops/ansible-patches/openshift.git/roles/os_firewall/defaults, branch ands Unnamed repository; edit this file 'description' to name the repository. Default to global setting for firewall. 2017-08-25T19:50:35+00:00 Kenny Woodson kwoodson@redhat.com 2017-08-25T19:50:35+00:00 d9d39f333fe7a68440faa1d433809f6f86bd116d 






Updated README to reflect refactor.  Moved firewall initialize into separate file.
2017-08-11T02:59:48+00:00

Kenny Woodson
kwoodson@redhat.com

2017-08-11T01:13:54+00:00

7d50ffe98dfa17e3fb72627699c794843ed5295d












Default to iptables on master
2017-05-10T19:10:32+00:00

Scott Dodson
sdodson@redhat.com

2017-05-10T19:10:32+00:00

cc18aa0edf3a55954c2227c01eee25d12766702a

We did this in 3.5 but never on master and we never came back to add
migration support. So we'll revert this on master and if/when we add
migration support we'll switch the default.





We did this in 3.5 but never on master and we never came back to add
migration support. So we'll revert this on master and if/when we add
migration support we'll switch the default.







Enable firewalld by default
2016-12-14T19:43:02+00:00

Russell Teague
rteague@redhat.com

2016-11-28T19:43:47+00:00

05e189a039dada5edc4f9afb700b594c4dea4c9b












Default os_firewall_use_firewalld to false in os_firewall and remove overrides.
2016-05-02T18:58:00+00:00

Andrew Butcher
abutcher@redhat.com

2016-05-02T18:20:36+00:00

507a69ed1d1bb3f19ed49d21685840fbd95d1465












Cleanup various deprecation warnings.
2016-04-29T19:44:40+00:00

Andrew Butcher
abutcher@redhat.com

2016-04-28T18:51:16+00:00

00e0d272cdeacdb4bfd78a65b0d282de9ee821dc












Add ability to disable os_firewall
2016-01-05T21:12:10+00:00

Jason DeTiberus
jdetiber@redhat.com

2016-01-05T21:10:32+00:00

5a964c9cbd3c83d1dcfe50ce99e9dcd0a8120c9a












refactor firewall management into new role
2015-03-05T22:37:19+00:00

Jason DeTiberus
jdetiber@redhat.com

2015-03-03T18:06:49+00:00

7c90cacef0f5cf61fb8ac3adb905507dd4247d84

- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added a iptables firewall module for maintaining the following (in a mostly
  naive manner):
  - ensure the OPENSHIFT_ALLOW chain is defined
  - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
  - adds or removes entries from the OPENSHIFT_ALLOW chain
  - issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
  - only allows setting of ports/protocols to open
  - no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
  until upstream support is in place for firewalld





- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added a iptables firewall module for maintaining the following (in a mostly
  naive manner):
  - ensure the OPENSHIFT_ALLOW chain is defined
  - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
  - adds or removes entries from the OPENSHIFT_ALLOW chain
  - issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
  - only allows setting of ports/protocols to open
  - no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
  until upstream support is in place for firewalld