WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-24 10:31:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e59f82daa4d2cfd4153629dfb4d8ead5bee91a30
fedora-infra_ansible/roles/base
History
Kevin Fenzi ee49c53f08 base / iptables: Adjust iptables on all vpn hosts to drop less secure traffic 
Most of our vpn hosts are on a 192.168.1.0/24 network.
However we have a small number on a 'less secure' 'less trusted' subnet:
192.168.100.0/24. This change adds in logic to:
* on log01, allow rsyslog from 192.168.100.x hosts
* on ipa servers, allow ipa ports for 192.168.100.x hosts
* then reject everything else.
This will make sure 192.168.100.x hosts can only hit ssh and the two
above items, otherwise all vpn hosts will reject their traffic. This
should add a bit of security to having those hosts on the vpn.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-05-04 21:15:05 +00:00
..
files
handlers
meta
linux system roles: add tag
2021-03-31 11:35:25 -07:00
tasks
Fix tasks/postfix.yaml and roles/basic/tasks/postfix.yaml to match
2021-02-17 19:17:50 -05:00
templates
base / iptables: Adjust iptables on all vpn hosts to drop less secure traffic
2021-05-04 21:15:05 +00:00
README

README 

This role is the base setup for all our machines. 

If there's something that shouldn't be run on every single 
machine, it should be in another role.
Reference in New Issue View Git Blame Copy Permalink