Page MenuHomeDevCentral
Differential D3549

Enable pf firewall
ClosedPublic
Actions

Authored by dereckson on Oct 21 2024, 00:19.
Tags
None
Referenced Files
F11779651: D3549.id.diff
Sun, Sep 21, 13:03
F11773965: D3549.diff
Sun, Sep 21, 08:48
F11773963: D3549.id9118.diff
Sun, Sep 21, 08:48
F11773955: D3549.id9158.diff
Sun, Sep 21, 08:48
Unknown Object (File)
Sun, Sep 21, 02:01
Unknown Object (File)
Fri, Sep 19, 20:29
Unknown Object (File)
Fri, Sep 19, 15:22
Unknown Object (File)
Fri, Sep 19, 14:38
View All Files
Subscribers
None

Details

Reviewers
DorianWinty
Commits
rOPSf4b002b83f46: Enable pf firewall
Summary

Brute-force attacks can create a lot of noise in system logs.
It could be convenient to be able to use a command to block a specific IP:

$ pfctl -t badhosts -T add $IP_TO_BLOCK

pf has the advantage to create easier to read rules than ipfilter and ipfw,
and to be still actively maintained.

Test Plan

Deployed on Hervil

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
roles/
core/
1 line
pf/
31 lines
files/
24 lines
rc/
16 lines
16 lines
14 lines
20 lines

Diff 9158

View Options

roles/core/init.sls

Loading...
View Options

roles/core/pf/config.sls

Loading...
View Options

roles/core/pf/files/pf.conf

Loading...
View Options

roles/core/pf/files/rc/pf.conf

Loading...
View Options

roles/core/pf/files/rc/pflog.conf

Loading...
View Options

roles/core/pf/init.sls

Loading...
View Options

roles/core/pf/services.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator