Mark Bergsma has uploaded a new change for review.
https://gerrit.wikimedia.org/r/78395
Change subject: Firewall GitBlit HTTP port 8080 from the outside world
......................................................................
Firewall GitBlit HTTP port 8080 from the outside world
Change-Id: Icd6698e6fd97a009d5814b434f16be0b18f39e38
---
M manifests/role/gitblit.pp
1 file changed, 7 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/95/78395/1
diff --git a/manifests/role/gitblit.pp b/manifests/role/gitblit.pp
index 93faf4b..6f61cea 100644
--- a/manifests/role/gitblit.pp
+++ b/manifests/role/gitblit.pp
@@ -10,4 +10,11 @@
ssl_cert => "git.wikimedia.org",
ssl_cert_key => "git.wikimedia.org"
}
+
+ # Firewall GitBlit, it should be accessed from localhost or Varnish
+ class { 'ferm': default_firewall => false }
+
+ ferm::rule { 'gitblit_8080':
+ rule => 'proto tcp dport 8080 { saddr ($INTERNAL) ACCEPT; DROP; }'
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/78395
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Icd6698e6fd97a009d5814b434f16be0b18f39e38
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
