authorSam Thursfield <sam.thursfield@codethink.co.uk>2017-07-12 20:38:28 +0100
committerSam Thursfield <sam.thursfield@codethink.co.uk>2017-07-12 21:05:14 +0100
commit7058548681cc6f98061e05b8dd298b0d37cd2e3b (patch)
treef7b6e55192d7e46b5a1145233d76594d1d0292ec
parent2f019b6df1520936d21e483588947a9223a1b01d (diff)
firewall.yml: Remove internal-only security group, which nothing usessam/cleanup
-rw-r--r--firewall.yaml50
1 files changed, 0 insertions, 50 deletions
diff --git a/firewall.yaml b/firewall.yaml
index 6556a986..811fe49c 100644
--- a/firewall.yaml
+++ b/firewall.yaml
@@ -63,56 +63,6 @@
protocol: tcp
remote_ip_prefix: 0.0.0.0/0
- # This group is an alternative to 'default' for machines that should be
- # prevented from connecting to the outside world.
- - name: internal-only security group
- neutron_sec_group:
- name: internal-only
- description: Allow outgoing connections only to local network, and incoming ICMP and SSH
- state: present
- auth_url: "{{ ansible_env.OS_AUTH_URL }}"
- login_username: "{{ ansible_env.OS_USERNAME }}"
- login_password: "{{ ansible_env.OS_PASSWORD }}"
- login_tenant_name: "{{ ansible_env.OS_TENANT_NAME }}"
-
- rules:
- - direction: egress
- port_range_min: 0
- port_range_max: 255
- ethertype: IPv4
- protocol: icmp
- remote_ip_prefix: 192.168.222.0/24
-
- - direction: egress
- port_range_min: 1
- port_range_max: 65535
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 192.168.222.0/24
-
- - direction: egress
- port_range_min: 1
- port_range_max: 65535
- ethertype: IPv4
- protocol: udp
- remote_ip_prefix: 192.168.222.0/24
-
- # ICMP: allow ping!
- - direction: ingress
- port_range_min: 0
- port_range_max: 255
- ethertype: IPv4
- protocol: icmp
- remote_ip_prefix: 0.0.0.0/0
-
- # 22: Allow SSH access to all instances.
- - direction: ingress
- port_range_min: 22
- port_range_max: 22
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- name: open security group
neutron_sec_group:
name: open