Handling Firewall Ports ?

[kameshsampath]

the usual problem i have seen with customers using EAP/FUSE/BxMS is to know the ports that they have to open in firewall post the installation. do you all think we need to open the right safe ports as part of the playbook - so that the customer or users of our playbooks knows which product and what port needs to be opened ?

I personally think we open up the basic ports and then leave the customer to modify the role vars to add/delete the ports that he wants to open/block, the below ones I used for EAP + EWS + JON setup, pulled the port list form the respective user/admin guides

• https://github.com/kameshsampath/ansible-middleware-playbooks-orig/tree/master/provisioning/roles/firewall
• https://github.com/kameshsampath/ansible-middleware-playbooks-orig/blob/master/provisioning/roles/firewall/tasks/main.yml
• https://github.com/kameshsampath/ansible-middleware-playbooks-orig/blob/master/provisioning/roles/firewall/defaults/main.yml

[sherl0cks]

I don't really understand the question @kameshsampath.

I can tell you that this particular role will not deal with firewalls due to single responsibility principle. If someone needs to handle a firewall, they should add a separate role to their playbook to that. Right now, creating such a role would be low priority in my book, especially since there are numerous different technologies that could come into play at that part of the network.

[kameshsampath]

thanks.