Add PF firewall configuration management for routers
Needs RevisionPublic
Actions

Authored by yousra on Mon, May 4, 18:00.

Details

Reviewers

dereckson
Duranzed

Summary

This change introduces a SaltStack state to manage the PF firewall configuration
on routers. As part of T2324, we observed that complector could not access the Internet
because NAT was not configured. This state ensures proper NAT configuration,
allowing Intranought nodes to reach external networks.

Test Plan

Verify that Complector can access to the Internet through the router

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Skipped

Unit

No Test Coverage

Branch

pf-router

Build Status

Buildable 6686
Build 6974: arc lint + arc unit

Event Timeline

yousra requested review of this revision.Mon, May 4, 18:00

yousra created this revision.

Harbormaster completed remote builds in B6686: Diff 10729.Mon, May 4, 18:00

yousra mentioned this in T2324: Ensure OSPF default route is used by all IntraNought nodes.Mon, May 4, 18:03

We need to use /etc/pf.conf.d as roles/core/pf/files/pf.conf provide tables

Suggested changes:

In this revisio, provision roles/router/pf/files/pf.conf as /etc/pf.conf.d/router.conf
In another new revision, provision roles/core/pf/files/pf.conf as /etc/pf.conf.d/tables.conf

This revision now requires changes to proceed.Mon, May 4, 18:08