Diffusion Nasqueron Operations f4b002b83f46

Enable pf firewall
f4b002b83f46
Actions

Description

Enable pf firewall

Summary:
Brute-force attacks can create a lot of noise in system logs.
It could be convenient to be able to use a command to block a specific IP:

$ pfctl -t badhosts -T add $IP_TO_BLOCK

pf has the advantage to create easier to read rules than ipfilter and ipfw,
and to be still actively maintained.

Test Plan: Deployed on Hervil

Reviewers: DorianWinty

Reviewed By: DorianWinty

Differential Revision: https://devcentral.nasqueron.org/D3549

Details

Provenance

dereckson	Authored on Oct 20 2024, 23:55
dereckson	Pushed on Sat, Oct 26, 14:34

Reviewer

DorianWinty

Differential Revision

D3549: Enable pf firewall

Parents

rOPS9d40b30d4f8c: Resolve public IPv4 interface

Branches

Unknown

Tags

Unknown

Event Timeline

dereckson committed rOPSf4b002b83f46: Enable pf firewall (authored by dereckson).Sat, Oct 26, 14:34

dereckson added an edge: D3549: Enable pf firewall.

Changes (10)

Path

Size

roles/

core/

init.sls

files

	pf/	files/	rc/
	rc/	files/

	pf.conf
	locate.rc

	pflog.conf
	locate.rc

	pf/
	storage/

	services.sls
	snapshots.sls

	core/	pf/	config.sls/
	webserver-content/	org/	nasqueron/


	tools51.sls

	core/	pf/	files/
	paas-jails/	jails/	files/

	pf.conf
	jail.rc

	core/	pf/
	devserver/	api-exec/

init.sls

rOPSf4b002b83f46

View Options

roles/core/init.sls

View Options

roles/core/pf/config.sls

View Options

roles/core/pf/files/pf.conf

View Options

roles/core/pf/files/rc/pf.conf

View Options

roles/core/pf/files/rc/pflog.conf

View Options

roles/core/pf/init.sls

View Options

roles/core/pf/services.sls

Enable pf firewallf4b002b83f46Actions

Description

Details

Event Timeline

Changes (10)

rOPSf4b002b83f46

roles/core/init.sls

roles/core/pf/config.sls

roles/core/pf/files/pf.conf

roles/core/pf/files/rc/pf.conf

roles/core/pf/files/rc/pflog.conf

roles/core/pf/init.sls

roles/core/pf/services.sls

Enable pf firewall
f4b002b83f46
Actions