
Multiple Firewall Rules Different Source IP in Heat

asked 2015-09-22 10:36:01 -0500

kwrobert

Hello Everyone!

I'm trying to figure out how to create multiple firewall rules that have the same protocol, destination IP, etc. but would have different source IPs. The goal is to allow access to my load balancer from a number of different subnets. My template should look something like this:

heat_template_version: 2014-10-16
parameters:
  source_cidrs: [10.20.30.40,40,1.2.3.4]
  load_balancer_ip: 5.6.7.8
resources:
  ssh_rule:
    type: OS::Neutron::FirewallRule
    properties:
      name: allow_ssh
      description: Allow SSH access on TCP port 22 to head nodes
      action: allow
      protocol: tcp
      destination_port: 22
      destination_ip_address: {get_param: load_balancer_ip}
      repeat:
        for_each:
          %cidr% : {get_param: source_cidr}
        template:
           source_ip_address: %cidr%

However my syntax is clearly incorrect because this doesn't work. I've tried putting the repeat function outside of the resource definition and in various other places but I keep getting errors along the lines of "for_each is not a valid key inside a resource definition". Could somebody correct my syntax and explain what I am doing wrong here?


1 answer

1

answered 2016-01-20 08:04:59 -0500

Jeffrey Guan

updated 2016-01-20 08:08:03 -0500

Please add the keyword "rules" and give it a try.

Take the following for example:

resources:
  security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      name: web_server_security_group
      rules:
        repeat:
          for_each:
            # The placeholder is quoted: a bare scalar may not start with "%" in YAML.
            "%port%": { get_param: ports }
          template:
            protocol: tcp
            port_range_min: "%port%"
            port_range_max: "%port%"
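An added example, not part of the original answer: the same `repeat` pattern applied to the question's goal of allowing SSH from several subnets. `repeat` evaluates to a list, so it can fill a list-valued property such as `rules` with one entry per CIDR, whereas `source_ip_address` on `OS::Neutron::FirewallRule` takes a single string. The parameter name `source_cidrs` follows the question; the CIDR values, the resource name and the use of a security group instead of a firewall rule are assumptions.

```yaml
# repeat is available from this template version on
heat_template_version: 2015-04-30

parameters:
  source_cidrs:
    type: comma_delimited_list
    description: Subnets allowed to reach SSH (constructed sample values)
    default: "10.20.30.0/24,192.0.2.0/24"

resources:
  ssh_security_group:            # hypothetical resource name
    type: OS::Neutron::SecurityGroup
    properties:
      name: allow_ssh_from_subnets
      description: Allow SSH on TCP port 22 from the listed subnets only
      rules:
        repeat:
          for_each:
            # Quoted so the placeholder parses as a plain YAML string key
            "%cidr%": { get_param: source_cidrs }
          template:
            # One ingress rule is generated per entry in source_cidrs
            direction: ingress
            protocol: tcp
            port_range_min: 22
            port_range_max: 22
            remote_ip_prefix: "%cidr%"

outputs:
  security_group_id:
    description: ID of the generated security group
    value: { get_resource: ssh_security_group }
```

Each generated rule names one source prefix, so any subnet not in `source_cidrs` gets no SSH rule from this group.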
