Closed blackliner closed 1 year ago
Hey @blackliner, you should be able to extend the firewall variable files to add additional ports (i.e. https://github.com/maas/maas-ansible-playbook/blob/main/group_vars/maas_region_controller/60-firewall), which is an approach I would definitely recommend!
You did mention a specific use case however, so I'm wondering if #141 addresses your issue? That should allow per-host disabling of the firewall setup. For security's sake that should definitely be an option secondary to the above.
Closing this issue due to #141 landing. Feel free to re-open this if it doesn't address the issue!
I want to avoid this playbook touching any iptable rules, is there a way to disable roles/maas_firewall/tasks/setup_firewall_rules.yaml completely?
Background: It took me somewhat of an hour to figure out why local traffic works, but no ping or curl command came through from outside the node. I think it is not ok to completely lock down the node this way.
In my case, after MAAS I run kubespray to deploy a cluster, using an HTTP server running on the MAAS server to host static binaries for the deployment.