Alex Monk has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/312456

Change subject: tcpircbot: remove localhost from ferm rule
......................................................................

tcpircbot: remove localhost from ferm rule

It's not needed, ferm accepts all loopback traffic.

Change-Id: Ice812d7540c4ce828e1284d9051cafc7e5588b03
---
M manifests/role/tcpircbot.pp
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/56/312456/1

diff --git a/manifests/role/tcpircbot.pp b/manifests/role/tcpircbot.pp
index 9a2c593..aec319e 100644
--- a/manifests/role/tcpircbot.pp
+++ b/manifests/role/tcpircbot.pp
@@ -34,8 +34,8 @@
     }
 
     ferm::rule { 'tcpircbot_allowed':
-        # eventlog1001 (v4), tin (v4), mira (v4), puppetmaster1001 (v4), 
localhost (v4), tin (v6), mira (v6), puppetmaster1001 (v6, unnamed in DNS), 
terbium (v4), terbium (v6, unnamed in DNS), wasat (v4), wasat (v6, unnamed in 
DNS), puppetmaster2001 (v4), puppetmaster2001 (v6, unnamed in DNS)
+        # eventlog1001 (v4), tin (v4), mira (v4), puppetmaster1001 (v4), tin 
(v6), mira (v6), puppetmaster1001 (v6, unnamed in DNS), terbium (v4), terbium 
(v6, unnamed in DNS), wasat (v4), wasat (v6, unnamed in DNS), puppetmaster2001 
(v4), puppetmaster2001 (v6, unnamed in DNS)
         # Please DO NOT change the IPs in the rule below without updating the 
comment above
-        rule => 'proto tcp dport 9200 { saddr (10.64.32.167/32 10.64.0.196/32 
10.192.16.132/32 10.64.16.73/32 127.0.0.1 2620:0:861:101:10:64:0:196/128 
2620:0:860:102:10:192:16:132/128 2620:0:861:102:10:64:16:73/128 10.64.32.13/32 
2620:0:861:103:92b1:1cff:fe25:9d72/128 10.192.48.45/32 
2620:0:860:104:1602:ecff:fe3f:478c/128 10.192.0.27/32 
2620:0:860:101:10:192:0:27/128) ACCEPT; }',
+        rule => 'proto tcp dport 9200 { saddr (10.64.32.167/32 10.64.0.196/32 
10.192.16.132/32 10.64.16.73/32 2620:0:861:101:10:64:0:196/128 
2620:0:860:102:10:192:16:132/128 2620:0:861:102:10:64:16:73/128 10.64.32.13/32 
2620:0:861:103:92b1:1cff:fe25:9d72/128 10.192.48.45/32 
2620:0:860:104:1602:ecff:fe3f:478c/128 10.192.0.27/32 
2620:0:860:101:10:192:0:27/128) ACCEPT; }',
     }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/312456
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ice812d7540c4ce828e1284d9051cafc7e5588b03
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alex Monk <a...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to