-
Notifications
You must be signed in to change notification settings - Fork 1
/
perfsonar-tools-fw.yml
35 lines (28 loc) · 1.13 KB
/
perfsonar-tools-fw.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#
# Configure firewall to support perfSONAR tools
#
# http://www.perfsonar.net/deploy/security-considerations/#Using_perfSONAR_with_Firewalls
#
# Assumes that CentOS7 configures the public zone by default on the host nic
#
# Outbound connections are allowed by default so Outbound restrictions for
# owampd are not implemented
#
- hosts: 'bro, dtn'
become: yes
become_user: root
vars_files:
- site_vars.yaml
tasks:
- name: open inbound control port for one-way ping owampd
firewalld: port=861/tcp permanent=true state=enabled
- name: open inbound port range for owampd test channels
firewalld: port=8760-9960/udp permanent=true state=enabled
- name: open inbound control port for bwctl iperf test scheduleing
firewalld: port=4823/tcp permanent=true state=enabled
- name: open inbound port range for bwctl peers for clock validation and results
firewalld: port=6001-6200/tcp permanent=true state=enabled
- name: open inbound port range for bwctl iperf servers
firewalld: port=5001-5900/tcp permanent=true state=enabled
- name: reload firewalld to apply permanent configuration
shell: firewall-cmd --reload