Commit Graph

24 Commits

Author SHA1 Message Date
toby 045736616f fixng small console error so that systemd actually thinks firewall started successfully 2018-11-12 21:08:25 +01:00
toby 1855169a42 adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there 2018-11-04 21:13:13 +01:00
toby 7aabd41def simplifying and adding flexibility to the NOTRACK rules 2018-11-04 19:19:09 +00:00
toby f925ad46a0 updated IP for new mirrors in usw2 2018-10-24 23:07:54 +02:00
toby d67b225792 cleanup firewall rules and making unnumbered bgp rules a tad more restrictive 2018-10-21 23:08:58 +02:00
toby c7d116d1c1 adding firewall rules for edge boxes 2018-10-20 18:55:45 +02:00
toby a343ade9c4 adding new firewall rule for stackapi 2018-10-05 22:27:10 +00:00
toby b5860daf1d typo in firewall rule 2018-10-01 18:25:50 +02:00
toby 7a948a6fbf adding ipv6 ssh support from bastion (in theory we should actually only need that, but keep ipv4 for now ... just in case) 2018-10-01 15:04:23 +02:00
toby 1c50cecdb5 adding direct ssh access on default for bastion, and migrating to admin domain instead of 3 different zones 2018-10-01 10:39:17 +02:00
toby b18d2c03c8 adding mirrors.wit.com to the firewall 2018-09-26 23:47:01 +02:00
Adam Frank 6a01e4988b adding local ceph traffic rules 2018-09-22 04:57:07 +00:00
toby c8195a9cf8 adding first estimated rules for ceph 2018-09-20 16:40:25 +02:00
toby 37c69ab507 adding ipv6 tunnel to strongswan and matching firewall rules 2018-09-17 21:28:02 +02:00
toby 002d2e0221 fixing firewall scirpt and rolling back to hardcoded IP till I get the systemd unit file 2018-09-13 23:41:28 +02:00
toby 2e95eb7bad orginizing the firewall a little bit, no changes in theory 2018-09-13 12:08:40 +02:00
toby 8bdbba3016 orginizing the firewall a little bit, no changes in theory 2018-09-13 01:17:40 +02:00
toby dc6a02d0d4 fixing ipv6 mgmt firewall rules (again) and setting mgmt1 interface to be dhcp as well (not just auto) 2018-09-10 21:03:57 +02:00
toby 7d30951603 fixing DHCP6 offer packets on firewall to come through 2018-09-09 23:37:24 +02:00
toby d96371752d adding DHCP6 offer packets on firewall to come through 2018-09-09 23:20:30 +02:00
toby 660343046e fix firewall to support our DNS 2018-09-09 15:42:45 +02:00
toby 8beb8a5aa9 removing pre-defined loopback subnet from firewall dependency 2018-09-09 13:30:30 +02:00
root b8368a446f just a coupe more comments and adding vteps to auto-detect 2018-08-06 18:45:35 +00:00
root bb377472b0 first commit 2018-07-26 08:57:41 +00:00