summaryrefslogtreecommitdiffstats
path: root/roles/os_firewall/README.md
diff options
context:
space:
mode:
authorThomas Wiest <twiest@users.noreply.github.com>2015-03-06 10:00:31 -0500
committerThomas Wiest <twiest@users.noreply.github.com>2015-03-06 10:00:31 -0500
commit3aed7219448ab99377643c71d05f2a26b6e11c99 (patch)
treeb8f16225ad95f5692fca3d4c61c9f5f6235c732b /roles/os_firewall/README.md
parentfbf0302567cfd019a762d9c37f8c10b65b269768 (diff)
parentb7008f070afe2629c9ebcbbdf0af3fa1f6ed9d34 (diff)
downloadopenshift-3aed7219448ab99377643c71d05f2a26b6e11c99.tar.gz
openshift-3aed7219448ab99377643c71d05f2a26b6e11c99.tar.bz2
openshift-3aed7219448ab99377643c71d05f2a26b6e11c99.tar.xz
openshift-3aed7219448ab99377643c71d05f2a26b6e11c99.zip
Merge pull request #94 from detiber/iptables
Add iptables firewall support to openshift-common
Diffstat (limited to 'roles/os_firewall/README.md')
-rw-r--r--roles/os_firewall/README.md66
1 files changed, 66 insertions, 0 deletions
diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md
new file mode 100644
index 000000000..fe6318184
--- /dev/null
+++ b/roles/os_firewall/README.md
@@ -0,0 +1,66 @@
+OS Firewall
+===========
+
+OS Firewall manages firewalld and iptables firewall settings for a minimal use
+case (Adding/Removing rules based on protocol and port number).
+
+Requirements
+------------
+
+None.
+
+Role Variables
+--------------
+
+| Name | Default | |
+|---------------------------|---------|----------------------------------------|
+| os_firewall_use_firewalld | True | If false, use iptables |
+| os_firewall_allow | [] | List of service,port mappings to allow |
+| os_firewall_deny | [] | List of service, port mappings to deny |
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+Use iptables and open tcp ports 80 and 443:
+```
+---
+- hosts: servers
+ vars:
+ os_firewall_use_firewalld: false
+ os_firewall_allow:
+ - service: httpd
+ port: 80/tcp
+ - service: https
+ port: 443/tcp
+ roles:
+ - os_firewall
+```
+
+Use firewalld and open tcp port 443 and close previously open tcp port 80:
+```
+---
+- hosts: servers
+ vars:
+ os_firewall_allow:
+ - service: https
+ port: 443/tcp
+ os_firewall_deny:
+ - service: httpd
+ port: 80/tcp
+ roles:
+ - os_firewall
+```
+
+License
+-------
+
+ASL 2.0
+
+Author Information
+------------------
+Jason DeTiberus - jdetiber@redhat.com