Bob Proulx wrote: > Which means I want to say that all of the version control systems from > vcs are migrated now. (Since tla arch is hosted on download.) > Therefore I think I will set up an iptables block for other services > in order to force finding any unknown issues.
Which I have done just now. I agressively created a copy of the iptables firewall. I removed all access ports for the version control systems and for web access. I blocked ssh access from the world (needed for the version control access) but allowed it from the standard list of local systems such as fencepost and mgt0 and the FSF admins vpn network. I did this as a temporary change from the command line. A reboot would restore operation to the previous rules. In theory nothing from the outside world is using the vcs server for any version control or web access or any other access. This should enforce that theory and cause anything using it to be blocked. Note that vcs is still very much a required system. It is hosting the data storage by NFS onto the new system vcs0. NFS access to the data is still very much required for every operation. Plus us admins need shell access for repository maintenance actions using local root access. NFS root_squash is in effect, as desired, and vcs0 has no root access to the nfs mounted file system. As usual please report any problems. Bob