From 7c46b9460da678eb4199cbe0db4fcacaf48f44e6 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Wed, 19 Apr 2023 11:50:46 +0200
Subject: [PATCH] Do not limit IP prefix for DHCP rule

In case it's needed to limit access to DHCP servers, rules must be way more complex then this one, since DHCP uses broadcast. To avoid complexity, let's just avoid defining remote_ip_prefix that allows egress traffic for DHCP.
Change-Id: I280c064b4d93bcd78092f02a928d5d6dfb4fda68
---
 tasks/octavia_security_group.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tasks/octavia_security_group.yml b/tasks/octavia_security_group.yml
index 63f07872..f8ed3d4b 100644
--- a/tasks/octavia_security_group.yml
+++ b/tasks/octavia_security_group.yml
@@ -139,7 +139,6 @@
 port_range_min: 67
 port_range_max: 67
 direction: egress
- remote_ip_prefix: "{{ octavia_security_group_rule_cidr }}"
 interface: admin
 verify: "{{ not keystone_service_adminuri_insecure }}"
 register: add_security_group_rule
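Review bot: With `remote_ip_prefix` gone, the egress rule for port 67 (the entry after `direction: egress`) no longer names a destination, and nothing in the task itself records that the omission is deliberate. A comment above the rule, such as `# No remote_ip_prefix on purpose: DHCP requests are broadcast, so a CIDR limit would drop them.`, would keep a later hardening pass from re-adding the prefix and breaking DHCP. A rule without a remote prefix should match any address of its ethertype, so it is also worth confirming that the protocol, which is set outside this hunk, is pinned to UDP so the opening stays limited to DHCP traffic. The task begins above the hunk, so the rest of its arguments are not visible here.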