canonical / maas-ansible-playbook

An Ansible playbook for installing and configuring MAAS
Apache License 2.0

disable firewall #139

Closed blackliner closed 1 year ago

blackliner commented 1 year ago

I want to avoid this playbook touching any iptables rules. Is there a way to disable `roles/maas_firewall/tasks/setup_firewall_rules.yaml` completely?

Background: It took me somewhat of an hour to figure out why local traffic works, but no ping or curl command came through from outside the node. I think it is not ok to completely lock down the node this way.

In my case, after MAAS I run kubespray to deploy a cluster, using an HTTP server running on the MAAS server to host static binaries for the deployment.

SK1Y101 commented 1 year ago

Hey @blackliner, you should be able to extend the firewall variable files to add additional ports (i.e. https://github.com/maas/maas-ansible-playbook/blob/main/group_vars/maas_region_controller/60-firewall), which is an approach I would definitely recommend!

You did mention a specific use case, however, so I'm wondering if #141 addresses your issue? That should allow per-host disabling of the firewall setup. For security's sake, that should definitely be an option secondary to the above.

SK1Y101 commented 1 year ago

Closing this issue due to #141 landing. Feel free to re-open this if it doesn't address the issue!