---

firewall_ssh_acl:
  - 0.0.0.0/0              # allow SSH from everywhere


firewall_influx_acl:
  - 10.11.0.0/16              # allow influx from ip(s)
  - 192.168.255.0/24          # allow influx from ip(s)


firewall_mariadb_acl:
  - 10.11.0.0/16              # allow mariadb from ip(s)
  - 192.168.255.0/24          # allow mariadb from ip(s)

firewall_ssh_acl_extra: "{{ datacenter_global_networks + datacenter_public_networks }}"


firewall_influx_acl_extra: "{{ datacenter_global_networks + datacenter_public_networks }}"


firewall_mariadb_acl_extra: "{{ datacenter_global_networks + datacenter_public_networks }}"


firewall_monitoring_ips:
  - 10.11.11.200
  - 10.11.12.150

# TODO: Needs an inventory of all external services.
firewall_output_default_drop: no