control-repo/data/role/puppet_master.yaml
bsper2 5f67b1f0c8 ASDPLNG-38 Add ncsa/puppet-profile_firewall to control_repo
Add v1.0.2 of ncsa/puppet-profile_firewall

Update puppetlabs/firewall from 2.5.0 to 3.0.0

Add data/role/puppet-master.yaml to set profile_firewall::ignores hiera data
so that docker firewall rules are not removed from puppet masters

Include profile_firewall in base.pp
2021-04-06 20:51:44 -06:00

14 lines
479 B
YAML

---
profile_firewall::ignores:
  DOCKER:filter:IPv4: "*"
  DOCKER-ISOLATION-STAGE-1:filter:IPv4: "*"
  DOCKER-ISOLATION-STAGE-2:filter:IPv4: "*"
  DOCKER-USER:filter:IPv4: "*"
  FORWARD:filter:IPv4: ["docker", "DOCKER", "-o"]
  DOCKER:nat:IPv4: "*"
  PREROUTING:nat:IPv4: "-m addrtype --dst-type LOCAL -j DOCKER"
  POSTROUTING:nat:IPv4: ["172.17", "172.18", "172.19"]
  OUTPUT:nat:IPv4: "-d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER"
profile_firewall::purge_all: false