Majic Ansible Roles / Closed Feature request MAR-12 Firewall (iptables) management
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Feature request
  • Category
    Not determined
  • Targeted for
    1.0.0
  • Status
    Closed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Issue details
  • Resolution
    RESOLVED
Description
The current role implementations do not include any kind of management of firewall (iptables) rules.

It is necessary to implement this functionality in order to have properly protected servers. The firewall should be implemented using '''ferm''' (http://ferm.foo-projects.org/), which allows for splitting up the firewall rules into multiple files, where the files are subsequently combined in order to form the full iptables configuration.

This approach allows for easily splitting up the deployment of firewall rules amongst the roles, with each role deploying the rules necessary for it to function.

The rules deployed should include the following:

* Role '''common''' (some basic hardening, drop packets by default, allow ssh logins, perform some kind of rate limiting)
* Each role deploying a specific server service should allow access to appropriate ports.
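
A sketch of the layout described above, as an added example that is not part of the original issue or of the project's roles: a base ferm file such as the common role could deploy, followed by a drop-in such as a web server role could add. The file paths, the hashlimit rate and burst, and the web ports are assumptions chosen for illustration.

```ferm
# --- /etc/ferm/ferm.conf (assumed path; deployed by the "common" role) ---
# IPv4 only; an ip6 domain would need its own rules.
domain ip {
    table filter {
        chain INPUT {
            # Drop anything not explicitly accepted here or in a drop-in.
            policy DROP;

            # Connection tracking: discard invalid packets, keep
            # already established flows working.
            mod state state INVALID DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;

            # Loopback traffic is always allowed.
            interface lo ACCEPT;

            # SSH: accept new connections, rate limited per source
            # address. New connections over the limit fall through
            # to the DROP policy. Rate and burst are example values.
            proto tcp dport ssh mod state state NEW
                mod hashlimit hashlimit 3/minute hashlimit-burst 5
                hashlimit-mode srcip hashlimit-name ssh ACCEPT;
        }
        chain FORWARD policy DROP;
        chain OUTPUT policy ACCEPT;
    }
}

# Pull in the per-role rule files from the directory next to this
# file, in alphabetical order. Their INPUT rules are appended after
# the ones above.
@include 'conf.d/';

# --- /etc/ferm/conf.d/20-web.conf (assumed path; deployed by a web role) ---
# Each service role ships only the rules its own service needs.
domain ip table filter chain INPUT {
    proto tcp dport (http https) ACCEPT;
}
```

Because the default policy lives only in the base file, removing a role's drop-in and reloading ferm closes that role's ports without touching any other role's rules.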