Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/97071
Change subject: Add firewall to holmium/blog
......................................................................
Add firewall to holmium/blog
This adds a firewall to the blog box. The current setup apparently has
some holes -that I won't document- and while we've been putting off a
reorganization of the service (e.g. putting it behind misc-lb and
making it internal) for a while, pending larger changes to the blog
service, this is simple enough.
Change-Id: I044412342b5beb27bddb233119f5360337a85983
---
M manifests/misc/blogs.pp
1 file changed, 5 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/71/97071/1
diff --git a/manifests/misc/blogs.pp b/manifests/misc/blogs.pp
index 0d79e8b..567cd7c 100644
--- a/manifests/misc/blogs.pp
+++ b/manifests/misc/blogs.pp
@@ -79,5 +79,9 @@
include backup::host
backup::set { 'srv-org-wikimedia': }
-}
+ include base::firewall
+ ferm::rule { 'blog':
+ rule => 'proto tcp dport (http https) ACCEPT;'
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/97071
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I044412342b5beb27bddb233119f5360337a85983
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
