From 81be18a1ed0734fdc58fef57abf88a60cb2dba9c Mon Sep 17 00:00:00 2001 From: Sam Thursfield Date: Fri, 20 Oct 2017 11:47:24 +0100 Subject: firewall: Remove obsolete security groups
---
firewall.yaml | 100 +--------------------------------------------------------- 1 file changed, 1 insertion(+), 99 deletions(-)
diff --git a/firewall.yaml b/firewall.yaml
index 5b5b7166..714a5775 100644
--- a/firewall.yaml
+++ b/firewall.yaml
@@ -98,82 +98,10 @@ protocol: udp remote_ip_prefix: 0.0.0.0/0 - - name: database-mysql security group - os_security_group: - name: database-mysql - description: Allow internal machines to access MariaDB database. - state: present - - - name: database security group -- allow incoming TCP on port 3306 for MariaDB connections - os_security_group_rule: - security_group: database-mysql - direction: ingress - port_range_min: 3306 - port_range_max: 3306 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group - os_security_group: - name: gerrit - description: Allow access to Gerrit SSH daemon port 29418, plus HTTP, HTTPS and Git protocol. - state: present - - - name: gerrit security group -- allow incoming TCP on port 80 or cgit and Git-over-HTTP - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 80 - port_range_max: 80 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 443 for cgit and Git-over-HTTPS - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 443 - port_range_max: 443 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 8080 for Gerrit web frontend - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 8080 - port_range_max: 8080 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 9148 for git protocol - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 9418 - port_range_max: 9418 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - - name: gerrit security group -- allow incoming TCP on port 29148 for Gerrit SSH daemon - os_security_group_rule: - security_group: gerrit - direction: ingress - port_range_min: 29418 - port_range_max: 29418 
- ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - name: git-server security group os_security_group: name: git-server - description: Allow inbound SSH, HTTP, HTTPS, Git, and morph-cache-server requests. + description: Allow inbound SSH, HTTP, HTTPS and Git requests. state: present - name: git-server security group -- allow incoming TCP on port 22 for Git-over-SSH @@ -206,16 +134,6 @@ protocol: tcp remote_ip_prefix: 0.0.0.0/0 - - name: git-server security group -- allow incoming TCP on port 8080 for morph-cache-server protocol - os_security_group_rule: - security_group: git-server - direction: ingress - port_range_min: 8080 - port_range_max: 8080 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 0.0.0.0/0 - - name: git-server security group -- allow incoming TCP on port 9418 for git protocol os_security_group_rule: security_group: git-server @@ -226,22 +144,6 @@ protocol: tcp remote_ip_prefix: 0.0.0.0/0 - - name: internal mail relay security group - os_security_group: - name: internal-mail-relay - description: Allow receiving internal-only connections on port 25 for SMTP - state: present - - - name: internal mail relay security group -- allow incoming TCP from internal hosts on port 25 for SMTP - os_security_group_rule: - security_group: internal-mail-relay - direction: ingress - port_range_min: 25 - port_range_max: 25 - ethertype: IPv4 - protocol: tcp - remote_ip_prefix: 192.168.222.0/24 - - name: shared-artifact-cache security group os_security_group: name: shared-artifact-cache -- cgit v1.2.1
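Review bot: Dropping the `os_security_group` and `os_security_group_rule` tasks only stops Ansible from managing them; groups and rules already created by earlier runs presumably stay in the OpenStack project, including the 3306 and 8080 ingress rules open to `0.0.0.0/0`. This applies to the database-mysql and gerrit removals in the first hunk, and to the git-server port 8080 rule and the internal-mail-relay group removed in the two later hunks. If they have not been cleaned up out of band, keep each task for one more run with `state: absent` (for example `os_security_group: {name: database-mysql, state: absent}`) before deleting it, or record the manual cleanup in the commit message. Otherwise the updated git-server description ("SSH, HTTP, HTTPS and Git") may not match the rules the cloud still enforces.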