authorSam Thursfield <sam.thursfield@codethink.co.uk>2017-10-20 11:47:24 +0100
committerBen Brown <ben.brown@codethink.co.uk>2017-10-23 11:11:05 +0000
commit81be18a1ed0734fdc58fef57abf88a60cb2dba9c (patch)
tree507db330d60563c2ff233b57452da722f8101801 /firewall.yaml
parent77027f9911e4705e5956fe2d97229aad0ca8a6dc (diff)
firewall: Remove obsolete security groups
Diffstat (limited to 'firewall.yaml')
-rw-r--r--firewall.yaml100
1 files changed, 1 insertions, 99 deletions
diff --git a/firewall.yaml b/firewall.yaml
index 5b5b7166..714a5775 100644
--- a/firewall.yaml
+++ b/firewall.yaml
@@ -98,82 +98,10 @@
protocol: udp
remote_ip_prefix: 0.0.0.0/0
- - name: database-mysql security group
- os_security_group:
- name: database-mysql
- description: Allow internal machines to access MariaDB database.
- state: present
-
- - name: database security group -- allow incoming TCP on port 3306 for MariaDB connections
- os_security_group_rule:
- security_group: database-mysql
- direction: ingress
- port_range_min: 3306
- port_range_max: 3306
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: gerrit security group
- os_security_group:
- name: gerrit
- description: Allow access to Gerrit SSH daemon port 29418, plus HTTP, HTTPS and Git protocol.
- state: present
-
- - name: gerrit security group -- allow incoming TCP on port 80 or cgit and Git-over-HTTP
- os_security_group_rule:
- security_group: gerrit
- direction: ingress
- port_range_min: 80
- port_range_max: 80
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: gerrit security group -- allow incoming TCP on port 443 for cgit and Git-over-HTTPS
- os_security_group_rule:
- security_group: gerrit
- direction: ingress
- port_range_min: 443
- port_range_max: 443
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: gerrit security group -- allow incoming TCP on port 8080 for Gerrit web frontend
- os_security_group_rule:
- security_group: gerrit
- direction: ingress
- port_range_min: 8080
- port_range_max: 8080
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: gerrit security group -- allow incoming TCP on port 9148 for git protocol
- os_security_group_rule:
- security_group: gerrit
- direction: ingress
- port_range_min: 9418
- port_range_max: 9418
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- - name: gerrit security group -- allow incoming TCP on port 29148 for Gerrit SSH daemon
- os_security_group_rule:
- security_group: gerrit
- direction: ingress
- port_range_min: 29418
- port_range_max: 29418
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- name: git-server security group
os_security_group:
name: git-server
- description: Allow inbound SSH, HTTP, HTTPS, Git, and morph-cache-server requests.
+ description: Allow inbound SSH, HTTP, HTTPS and Git requests.
state: present
- name: git-server security group -- allow incoming TCP on port 22 for Git-over-SSH
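Review bot: Dropping the `database-mysql` and `gerrit` tasks in this hunk (and `internal-mail-relay` in the last hunk) only stops the playbook from managing those groups; nothing in the change deletes them from the OpenStack project. If they still exist they keep their ingress rules, including `database-mysql` on port 3306 from `0.0.0.0/0`, although its description says internal machines. Unless they were already removed out of band, keep a cleanup task per group with `state: absent` for one run, or record in the commit message that they were deleted manually. The same applies to the port 8080 rule dropped from `git-server` in the second hunk, which stays on the live group until an `os_security_group_rule` task with `state: absent` removes it. The git-server task list continues outside this hunk.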
@@ -206,16 +134,6 @@
protocol: tcp
remote_ip_prefix: 0.0.0.0/0
- - name: git-server security group -- allow incoming TCP on port 8080 for morph-cache-server protocol
- os_security_group_rule:
- security_group: git-server
- direction: ingress
- port_range_min: 8080
- port_range_max: 8080
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 0.0.0.0/0
-
- name: git-server security group -- allow incoming TCP on port 9418 for git protocol
os_security_group_rule:
security_group: git-server
@@ -226,22 +144,6 @@
protocol: tcp
remote_ip_prefix: 0.0.0.0/0
- - name: internal mail relay security group
- os_security_group:
- name: internal-mail-relay
- description: Allow receiving internal-only connections on port 25 for SMTP
- state: present
-
- - name: internal mail relay security group -- allow incoming TCP from internal hosts on port 25 for SMTP
- os_security_group_rule:
- security_group: internal-mail-relay
- direction: ingress
- port_range_min: 25
- port_range_max: 25
- ethertype: IPv4
- protocol: tcp
- remote_ip_prefix: 192.168.222.0/24
-
- name: shared-artifact-cache security group
os_security_group:
name: shared-artifact-cache