Closed conorsch closed 7 years ago
All of these commits are present in #1075. Leaving this issue open until #1075 is closed.
@conorsch #1075 is closed, so the iptables changes from the last iSec audit are now included in develop. Do you want to re-purpose this issue for updating the spec tests to fit the new rules, or should we close this issue and open a new one for that?
@garrettr Changes are backported, but are untested. Repurposing this issue to track the tests. Will add tests for the issues to #1070.
Resolved by #1616. We now test the entire iptables ruleset for staging hosts, both locally and as part of CI (#1666).
The iptables changes in #1053 have made it into master via release/0.3.4, but haven't been merged into develop yet. There are four major components to the iptables changes:
When backporting the changes, new serverspec tests should be added to validate the updated config. Therefore #1070 should be merged into develop before the iptables fixes are backported.
Attempting a standard merge from the feature branch used for #1053 results in a dozen or so merge conflicts, mostly related to documentation. It'd be cleaner to cherry-pick the following four commits, straight from #1053: