toby
|
83e0ccc728
|
adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test
|
2018-11-28 18:14:08 +01:00 |
toby
|
fcaa400452
|
removing ceph rgw 8080 for now since it's not in use
|
2018-11-26 19:17:31 +01:00 |
toby
|
2ff6566d2e
|
firewall house-keeping
|
2018-11-26 18:39:18 +01:00 |
toby
|
e5b6e96c2e
|
adding bastion2 to firewalls for potential failover
|
2018-11-19 00:32:12 +01:00 |
toby
|
e3fba4ecad
|
prepping to flip back bastion to a loopback ip. setting firewall rule accordingly
|
2018-11-18 02:22:04 +01:00 |
toby
|
9028be6de6
|
fixing live migration iptables rules
|
2018-11-17 02:06:37 +01:00 |
toby
|
a0d2d87355
|
adding ceph rgw rules to firewall
|
2018-11-16 18:26:57 +01:00 |
toby
|
26f34e482f
|
adding smarthost to the firewall
|
2018-11-13 20:41:41 +01:00 |
toby
|
045736616f
|
fixng small console error so that systemd actually thinks firewall started successfully
|
2018-11-12 21:08:25 +01:00 |
toby
|
1855169a42
|
adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there
|
2018-11-04 21:13:13 +01:00 |
toby
|
7aabd41def
|
simplifying and adding flexibility to the NOTRACK rules
|
2018-11-04 19:19:09 +00:00 |
toby
|
f925ad46a0
|
updated IP for new mirrors in usw2
|
2018-10-24 23:07:54 +02:00 |
toby
|
d67b225792
|
cleanup firewall rules and making unnumbered bgp rules a tad more restrictive
|
2018-10-21 23:08:58 +02:00 |
toby
|
c7d116d1c1
|
adding firewall rules for edge boxes
|
2018-10-20 18:55:45 +02:00 |
toby
|
a343ade9c4
|
adding new firewall rule for stackapi
|
2018-10-05 22:27:10 +00:00 |
toby
|
b5860daf1d
|
typo in firewall rule
|
2018-10-01 18:25:50 +02:00 |
toby
|
7a948a6fbf
|
adding ipv6 ssh support from bastion (in theory we should actually only need that, but keep ipv4 for now ... just in case)
|
2018-10-01 15:04:23 +02:00 |
toby
|
1c50cecdb5
|
adding direct ssh access on default for bastion, and migrating to admin domain instead of 3 different zones
|
2018-10-01 10:39:17 +02:00 |
toby
|
b18d2c03c8
|
adding mirrors.wit.com to the firewall
|
2018-09-26 23:47:01 +02:00 |
Adam Frank
|
6a01e4988b
|
adding local ceph traffic rules
|
2018-09-22 04:57:07 +00:00 |
toby
|
c8195a9cf8
|
adding first estimated rules for ceph
|
2018-09-20 16:40:25 +02:00 |
toby
|
37c69ab507
|
adding ipv6 tunnel to strongswan and matching firewall rules
|
2018-09-17 21:28:02 +02:00 |
toby
|
002d2e0221
|
fixing firewall scirpt and rolling back to hardcoded IP till I get the systemd unit file
|
2018-09-13 23:41:28 +02:00 |
toby
|
2e95eb7bad
|
orginizing the firewall a little bit, no changes in theory
|
2018-09-13 12:08:40 +02:00 |
toby
|
8bdbba3016
|
orginizing the firewall a little bit, no changes in theory
|
2018-09-13 01:17:40 +02:00 |
toby
|
dc6a02d0d4
|
fixing ipv6 mgmt firewall rules (again) and setting mgmt1 interface to be dhcp as well (not just auto)
|
2018-09-10 21:03:57 +02:00 |
toby
|
7d30951603
|
fixing DHCP6 offer packets on firewall to come through
|
2018-09-09 23:37:24 +02:00 |
toby
|
d96371752d
|
adding DHCP6 offer packets on firewall to come through
|
2018-09-09 23:20:30 +02:00 |
toby
|
660343046e
|
fix firewall to support our DNS
|
2018-09-09 15:42:45 +02:00 |
toby
|
8beb8a5aa9
|
removing pre-defined loopback subnet from firewall dependency
|
2018-09-09 13:30:30 +02:00 |
root
|
b8368a446f
|
just a coupe more comments and adding vteps to auto-detect
|
2018-08-06 18:45:35 +00:00 |
root
|
bb377472b0
|
first commit
|
2018-07-26 08:57:41 +00:00 |