Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/96177
Change subject: add ferm rule to only allow nrpe/5666 from intern
......................................................................
add ferm rule to only allow nrpe/5666 from intern
RT #6342
Change-Id: I84658abc260664df4be29a72749518d780329855
---
M manifests/role/gitblit.pp
1 file changed, 4 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/77/96177/1
diff --git a/manifests/role/gitblit.pp b/manifests/role/gitblit.pp
index ff088fd..b6f4818 100644
--- a/manifests/role/gitblit.pp
+++ b/manifests/role/gitblit.pp
@@ -16,4 +16,8 @@
ferm::rule { 'gitblit_8080':
rule => 'proto tcp dport 8080 { saddr $INTERNAL ACCEPT; DROP; }'
}
+ # only accept nrpe/5666 from internal
+ ferm::rule {'nrpe_5666':
+ rule => 'proto tcp dport 5666 { saddr $INTERNAL ACCEPT; DROP; }'
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/96177
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I84658abc260664df4be29a72749518d780329855
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
