Commit Graph

32 Commits

Author SHA1 Message Date
toby 83e0ccc728 adding firewall restart to postinst script. firewall is now restarted on upgrade, may break kickstart, need to test 2018-11-28 18:14:08 +01:00
toby fcaa400452 removing ceph rgw 8080 for now since it's not in use 2018-11-26 19:17:31 +01:00
toby 2ff6566d2e firewall house-keeping 2018-11-26 18:39:18 +01:00
toby e5b6e96c2e adding bastion2 to firewalls for potential failover 2018-11-19 00:32:12 +01:00
toby e3fba4ecad prepping to flip back bastion to a loopback ip. setting firewall rule accordingly 2018-11-18 02:22:04 +01:00
toby 9028be6de6 fixing live migration iptables rules 2018-11-17 02:06:37 +01:00
toby a0d2d87355 adding ceph rgw rules to firewall 2018-11-16 18:26:57 +01:00
toby 26f34e482f adding smarthost to the firewall 2018-11-13 20:41:41 +01:00
toby 045736616f fixng small console error so that systemd actually thinks firewall started successfully 2018-11-12 21:08:25 +01:00
toby 1855169a42 adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there 2018-11-04 21:13:13 +01:00
toby 7aabd41def simplifying and adding flexibility to the NOTRACK rules 2018-11-04 19:19:09 +00:00
toby f925ad46a0 updated IP for new mirrors in usw2 2018-10-24 23:07:54 +02:00
toby d67b225792 cleanup firewall rules and making unnumbered bgp rules a tad more restrictive 2018-10-21 23:08:58 +02:00
toby c7d116d1c1 adding firewall rules for edge boxes 2018-10-20 18:55:45 +02:00
toby a343ade9c4 adding new firewall rule for stackapi 2018-10-05 22:27:10 +00:00
toby b5860daf1d typo in firewall rule 2018-10-01 18:25:50 +02:00
toby 7a948a6fbf adding ipv6 ssh support from bastion (in theory we should actually only need that, but keep ipv4 for now ... just in case) 2018-10-01 15:04:23 +02:00
toby 1c50cecdb5 adding direct ssh access on default for bastion, and migrating to admin domain instead of 3 different zones 2018-10-01 10:39:17 +02:00
toby b18d2c03c8 adding mirrors.wit.com to the firewall 2018-09-26 23:47:01 +02:00
Adam Frank 6a01e4988b adding local ceph traffic rules 2018-09-22 04:57:07 +00:00
toby c8195a9cf8 adding first estimated rules for ceph 2018-09-20 16:40:25 +02:00
toby 37c69ab507 adding ipv6 tunnel to strongswan and matching firewall rules 2018-09-17 21:28:02 +02:00
toby 002d2e0221 fixing firewall scirpt and rolling back to hardcoded IP till I get the systemd unit file 2018-09-13 23:41:28 +02:00
toby 2e95eb7bad orginizing the firewall a little bit, no changes in theory 2018-09-13 12:08:40 +02:00
toby 8bdbba3016 orginizing the firewall a little bit, no changes in theory 2018-09-13 01:17:40 +02:00
toby dc6a02d0d4 fixing ipv6 mgmt firewall rules (again) and setting mgmt1 interface to be dhcp as well (not just auto) 2018-09-10 21:03:57 +02:00
toby 7d30951603 fixing DHCP6 offer packets on firewall to come through 2018-09-09 23:37:24 +02:00
toby d96371752d adding DHCP6 offer packets on firewall to come through 2018-09-09 23:20:30 +02:00
toby 660343046e fix firewall to support our DNS 2018-09-09 15:42:45 +02:00
toby 8beb8a5aa9 removing pre-defined loopback subnet from firewall dependency 2018-09-09 13:30:30 +02:00
root b8368a446f just a coupe more comments and adding vteps to auto-detect 2018-08-06 18:45:35 +00:00
root bb377472b0 first commit 2018-07-26 08:57:41 +00:00