Closed psteinmetzcid closed 11 months ago
Hey, personally I think this is out-out-scope for the collection. Since we cannot anticipate every possible firewall configuration/tooling on the nodes.
My suggestion is to have pre_tasks
, with custom Ansible code to take care of this.
What do you think @widhalmt @DanOPT ?
This is similar to in-scope-out-out-scope discussion here
https://github.com/NETWAYS/ansible-collection-elasticstack/issues/177
Hey, thanks for the input.
Personally I'd say firewall configuration is still a bit more out of scope than installation of specific versions or setting them on hold. We usually use https://github.com/geerlingguy/ansible-role-firewall as a combination for managing the firewall.
To add my two cents: Firewall rules are imo definitely out of scope, i don't think we should add this to the collection, please see already existing roles.
Closing this issue now
Our servers are additionally protected by ufw.
A great addition would be the automatic configuration of the firewall rules (ufw/firewalld) during the installation of the stack.