Page MenuHomeDevCentral
Differential D3549

Enable pf firewall
ClosedPublic
Actions

Authored by dereckson on Oct 21 2024, 00:19.
Tags
None
Referenced Files
F3762849: D3549.id.diff
Thu, Nov 21, 16:44
F3762824: D3549.diff
Thu, Nov 21, 16:12
F3762725: D3549.diff
Thu, Nov 21, 13:56
Unknown Object (File)
Tue, Nov 19, 07:29
Unknown Object (File)
Tue, Nov 19, 07:29
Unknown Object (File)
Tue, Nov 19, 07:29
Unknown Object (File)
Tue, Nov 19, 07:28
Unknown Object (File)
Tue, Nov 19, 07:28
View All 64 Files
Subscribers
None

Details

Reviewers
DorianWinty
Commits
rOPSf4b002b83f46: Enable pf firewall
Summary

Brute-force attacks can create a lot of noise in system logs.
It could be convenient to be able to use a command to block a specific IP:

$ pfctl -t badhosts -T add $IP_TO_BLOCK

pf has the advantage to create easier to read rules than ipfilter and ipfw,
and to be still actively maintained.

Test Plan

Deployed on Hervil

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Errors
SeverityLocationCodeMessage
Error_modules/node.py:479E501flake8 E501
Unit
No Test Coverage
Branch
pf
Build Status
Buildable 5633
Build 5915: arc lint + arc unit

Revision Contents
Changeset List

PathSize
_modules/
2 lines
roles/
core/
1 line
pf/
31 lines
files/
24 lines
rc/
16 lines
16 lines
14 lines
20 lines

Diff 9119

View Options

_modules/node.py

Loading...
View Options

roles/core/init.sls

Loading...
View Options

roles/core/pf/config.sls

Loading...
View Options

roles/core/pf/files/pf.conf

Loading...
View Options

roles/core/pf/files/rc/pf.conf

Loading...
View Options

roles/core/pf/files/rc/pflog.conf

Loading...
View Options

roles/core/pf/init.sls

Loading...
View Options

roles/core/pf/services.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator