Page MenuHomeDevCentral
Differential D3549

Enable pf firewall
Needs ReviewPublic
Actions

Authored by dereckson on Mon, Oct 21, 00:19.
Tags
None
Referenced Files
F3685044: D3549.id.diff
Tue, Oct 22, 21:26
F3684583: D3549.id.diff
Tue, Oct 22, 18:53
F3683210: D3549.id9118.diff
Tue, Oct 22, 11:17
F3681971: D3549.id9120.diff
Tue, Oct 22, 05:34
F3681970: D3549.id9119.diff
Tue, Oct 22, 05:34
F3681969: D3549.id9118.diff
Tue, Oct 22, 05:34
F3681968: D3549.id9118.diff
Tue, Oct 22, 05:34
F3681939: D3549.id9120.diff
Tue, Oct 22, 05:32
View All 16 Files
Subscribers
None

Details

Reviewers
DorianWinty
Summary

Brute-force attacks can create a lot of noise in system logs.
It could be convenient to be able to use a command to block a specific IP:

$ pfctl -t badhosts -T add $IP_TO_BLOCK

pf has the advantage to create easier to read rules than ipfilter and ipfw,
and to be still actively maintained.

Test Plan

Deployed on Hervil

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Errors
SeverityLocationCodeMessage
Error_modules/node.py:479E501flake8 E501
Unit
No Test Coverage
Branch
pf
Build Status
Buildable 5633
Build 5915: arc lint + arc unit

Revision Contents
Changeset List

PathSize
_modules/
2 lines
roles/
core/
1 line
pf/
31 lines
files/
24 lines
rc/
16 lines
16 lines
14 lines
20 lines

Diff 9119

View Options

_modules/node.py

Loading...
View Options

roles/core/init.sls

Loading...
View Options

roles/core/pf/config.sls

Loading...
View Options

roles/core/pf/files/pf.conf

Loading...
View Options

roles/core/pf/files/rc/pf.conf

Loading...
View Options

roles/core/pf/files/rc/pflog.conf

Loading...
View Options

roles/core/pf/init.sls

Loading...
View Options

roles/core/pf/services.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator