diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index b5ea0e8fba..b92be457ac 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -38,17 +38,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - FirewallChains: - default: {} - description: > - Firewall chains definitions to manage. The keys of the dictionary must be - in the format "::". When specified, these rules - are merged with { 'FORWARD:filter:IPv4': { 'policy': 'accept' }, - 'FORWARD:filter:IPv6': { 'policy': 'accept' } }. The current available - features 'ensure' Adds or removes a chain (present|absent), 'policy' - Action the packet will performa at the end of the chain (accept|drop|queue|return), - and 'purge' Remove all rules for this change (true|false). - type: json outputs: role_data: @@ -58,11 +47,6 @@ outputs: config_settings: tripleo::firewall::manage_firewall: {get_param: ManageFirewall} tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} - tripleo::firewall::firewall_chains: - map_merge: - - { 'FORWARD:filter:IPv4': { 'policy': 'accept' }, - 'FORWARD:filter:IPv6': { 'policy': 'accept' } } - - {get_param: FirewallChains} step_config: | include ::tripleo::firewall upgrade_tasks: diff --git a/releasenotes/notes/firewall-chain-management-cf0b38d533646a08.yaml b/releasenotes/notes/firewall-chain-management-cf0b38d533646a08.yaml deleted file mode 100644 index bf67ff870e..0000000000 --- a/releasenotes/notes/firewall-chain-management-cf0b38d533646a08.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Adds `FirewallChains` parameter that can be used to manage the defined - firewall chains. By default the FORWARD chain configured to be present - and set to ACCEPT.