From 7d50ffe98dfa17e3fb72627699c794843ed5295d Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Thu, 10 Aug 2017 21:13:54 -0400
Subject: Updated README to reflect refactor.  Moved firewall initialize into
 separate file.

---
 roles/os_firewall/README.md         | 37 ++++++++++++++-----------------------
 roles/os_firewall/defaults/main.yml |  2 --
 2 files changed, 14 insertions(+), 25 deletions(-)

(limited to 'roles/os_firewall')

diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md
index e7ef544f4..be0b8291a 100644
--- a/roles/os_firewall/README.md
+++ b/roles/os_firewall/README.md
@@ -1,8 +1,8 @@
 OS Firewall
 ===========
 
-OS Firewall manages firewalld and iptables firewall settings for a minimal use
-case (Adding/Removing rules based on protocol and port number).
+OS Firewall manages firewalld and iptables installation.
+case.
 
 Note: firewalld is not supported on Atomic Host
 https://bugzilla.redhat.com/show_bug.cgi?id=1403331
@@ -18,8 +18,6 @@ Role Variables
 | Name                      | Default |                                        |
 |---------------------------|---------|----------------------------------------|
 | os_firewall_use_firewalld | False   | If false, use iptables                 |
-| os_firewall_allow         | []      | List of service,port mappings to allow |
-| os_firewall_deny          | []      | List of service, port mappings to deny |
 
 Dependencies
 ------------
@@ -29,34 +27,27 @@ None.
 Example Playbook
 ----------------
 
-Use iptables and open tcp ports 80 and 443:
+Use iptables:
 ```
 ---
 - hosts: servers
-  vars:
-    os_firewall_use_firewalld: false
-    os_firewall_allow:
-    - service: httpd
-      port: 80/tcp
-    - service: https
-      port: 443/tcp
-  roles:
-  - os_firewall
+  task:
+  - include_role:
+      name: os_firewall
+    vars:
+      os_firewall_use_firewalld: false
 ```
 
-Use firewalld and open tcp port 443 and close previously open tcp port 80:
+Use firewalld:
 ```
 ---
 - hosts: servers
   vars:
-    os_firewall_allow:
-    - service: https
-      port: 443/tcp
-    os_firewall_deny:
-    - service: httpd
-      port: 80/tcp
-  roles:
-  - os_firewall
+  tasks:
+  - include_role:
+      name: os_firewall
+    vars:
+      os_firewall_use_firewalld: true
 ```
 
 License
diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml
index 01859e5fc..f96a80f1c 100644
--- a/roles/os_firewall/defaults/main.yml
+++ b/roles/os_firewall/defaults/main.yml
@@ -3,5 +3,3 @@ os_firewall_enabled: True
 # firewalld is not supported on Atomic Host
 # https://bugzilla.redhat.com/show_bug.cgi?id=1403331
 os_firewall_use_firewalld: "{{ False }}"
-os_firewall_allow: []
-os_firewall_deny: []
-- 