ContainerSolutions / dcos-ansible-packet

Ansible playbook for installing DC/OS on Packet cloud

Firewall improvements #35

Closed nervetattoo closed 6 years ago

nervetattoo commented 6 years ago

This adds two improvements to the firewall setup:

  1. Manage iptables rules better by not blindly appending the same rules over and over on each firewall update. Uses ansible_iptables_raw to handle the rule insertion.
  2. Set up rejection logging for the firewall onto /var/log/iptables.log via rsyslog with logrotate conf.

nervetattoo commented 6 years ago

Updating fw after this change will work, but it will append a new rule. The second time you run it and onward, though, it will not append a new rule.

The old rules would have to be manually removed; I don't see how they can safely be removed by a script.
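
An added example, not part of this thread or the pull request: a POSIX shell script that lists rules left duplicated by repeated appends in `iptables-save` output, so they can be reviewed before manual removal, alongside the plain-iptables check-then-append idiom. The function names and the sample ruleset are constructed for illustration, and `ensure_rule` is not how ansible_iptables_raw works internally.

```shell
#!/bin/sh
# Added example. All names below are hypothetical; the ruleset is constructed.

# Plain-iptables idempotent append: add the rule only if -C (check) does not
# already find it. Usage: ensure_rule INPUT -p tcp --dport 22 -j ACCEPT
ensure_rule() {
    iptables -C "$@" 2>/dev/null || iptables -A "$@"
}

# Read iptables-save output on stdin and print "<count> <table> <rule>" for
# every rule that occurs more than once in the same table, in first-seen order.
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }      # a line like *filter starts a table
        /^-A / { key = table "\t" $0                # identical rule text, same table
                 if (!(key in count)) order[++n] = key
                 count[key]++ }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (count[k] > 1) {
                    split(k, parts, "\t")
                    printf "%d %s %s\n", count[k], parts[1], substr(k, length(parts[1]) + 2)
                }
            }
        }'
}

# Constructed sample: what a chain can look like after the same rules were
# appended on several firewall updates.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables-rejected: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables-rejected: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# On a real host: iptables-save | find_duplicate_rules
sample_ruleset | find_duplicate_rules
```

The output only reports duplicates; which copy to delete, and in what order relative to the REJECT rule, remains a manual decision.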

frankscholten commented 6 years ago

Awesome! Thx @nervetattoo