author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2017-10-20 11:47:24 +0100 |
---|---|---|
committer | Ben Brown <ben.brown@codethink.co.uk> | 2017-10-23 11:11:05 +0000 |
commit | 81be18a1ed0734fdc58fef57abf88a60cb2dba9c (patch) | |
tree | 507db330d60563c2ff233b57452da722f8101801 /firewall.yaml | |
parent | 77027f9911e4705e5956fe2d97229aad0ca8a6dc (diff) | |
download | infrastructure-81be18a1ed0734fdc58fef57abf88a60cb2dba9c.tar.gz |
firewall: Remove obsolete security groups
Diffstat (limited to 'firewall.yaml')
-rw-r--r-- | firewall.yaml | 100 |
1 files changed, 1 insertions, 99 deletions
diff --git a/firewall.yaml b/firewall.yaml
index 5b5b7166..714a5775 100644
--- a/firewall.yaml
+++ b/firewall.yaml
@@ -98,82 +98,10 @@ protocol: udp remote_ip_prefix: 0.0.0.0/0 - - name: database-mysql security group - os_security_group: - name: database-mysql - description: Allow internal machines to access MariaDB database. - state: present - - - name: database security group -- allow incoming TCP on port 3306 for MariaDB connections - os_security_group_rule: - security_group: database-mysql - direction: ingress - port_range_min: 3306 - port_range_max: 3306 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group - os_security_group: - name: gerrit - description: Allow access to Gerrit SSH daemon port 29418, plus HTTP, HTTPS and Git protocol. - state: present - - - name: gerrit security group -- allow incoming TCP on port 80 or cgit and Git-over-HTTP - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 80 - port_range_max: 80 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 443 for cgit and Git-over-HTTPS - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 443 - port_range_max: 443 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 8080 for Gerrit web frontend - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 8080 - port_range_max: 8080 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 9148 for git protocol - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 9418 - port_range_max: 9418 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 29148 for Gerrit SSH daemon - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 29418 - port_range_max: 29418 
- ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - name: git-server security group os_security_group: name: git-server - description: Allow inbound SSH, HTTP, HTTPS, Git, and morph-cache-server requests. + description: Allow inbound SSH, HTTP, HTTPS and Git requests. state: present - name: git-server security group -- allow incoming TCP on port 22 for Git-over-SSH @@ -206,16 +134,6 @@ protocol: tcp remote_ip_prefix: 0.0.0.0/0 - - name: git-server security group -- allow incoming TCP on port 8080 for morph-cache-server protocol - os_security_group_rule: - security_group: git-server - direction: ingress - port_range_min: 8080 - port_range_max: 8080 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - name: git-server security group -- allow incoming TCP on port 9418 for git protocol os_security_group_rule: security_group: git-server @@ -226,22 +144,6 @@ protocol: tcp remote_ip_prefix: 0.0.0.0/0 - - name: internal mail relay security group - os_security_group: - name: internal-mail-relay - description: Allow receiving internal-only connections on port 25 for SMTP - state: present - - - name: internal mail relay security group -- allow incoming TCP from internal hosts on port 25 for SMTP - os_security_group_rule: - security_group: internal-mail-relay - direction: ingress - port_range_min: 25 - port_range_max: 25 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 192.168.222.0/24 - - name: shared-artifact-cache security group os_security_group: name: shared-artifact-cache |
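Review bot: Dropping the `database-mysql` and `gerrit` tasks in this hunk, and likewise the `git-server` port 8080 rule and the `internal-mail-relay` tasks in the two hunks after it, only stops the playbook from managing them; nothing in the new file deletes them from the cloud, so any group or rule that already exists keeps its ingress (3306 and 8080 were open to `0.0.0.0/0`). The 8080 rule matters most because `git-server` is still defined and in use, so hosts in that group would presumably go on accepting that traffic after this change. Unless these were removed out of band, which is not visible from this page, keep one task per obsolete group with `state: absent`, e.g. `os_security_group: {name: database-mysql, state: absent}`, and keep the existing 8080 `os_security_group_rule` block with `state: absent` added. A short comment above those tasks saying they can be deleted once the playbook has been applied would make the intent clear.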