Puppet Class: openstack::profile::firewall::post

Defined in:

manifests/profile/firewall/post.pp

Overview

post-firewall rules to reject remaining traffic

# File 'manifests/profile/firewall/post.pp', line 2

class openstack::profile::firewall::post {
  firewall { '8999 - Accept all management network traffic':
    proto  => 'all',
    state  => ['NEW'],
    action => 'accept',
    source => hiera('openstack::network::management'),
  }  ->
  firewall { '9999 - Reject remaining traffic':
    proto  => 'all',
    action => 'reject',
    reject => 'icmp-host-prohibited',
    source => '0.0.0.0/0',
  }
}