leap_platform.git/puppet/modules/site_config/templates, branch master [leap_platform] testing: adds mx delivery tests 2016-04-05T16:52:01+00:00 elijah elijah@riseup.net 2016-03-29T20:27:01+00:00 eac3056c237d523f4786593922fe8f88eb65dff7 






allow all outgoing traffic
2014-09-25T14:01:37+00:00

Christoph Kluenter
ckluente@thoughtworks.com

2014-09-25T14:01:37+00:00

343572ab04686c65c10fd49a5d09314ca99b3d75

as discussed on #leap





as discussed on #leap







allow outgoing port 3142 for apt-cacher proxy
2014-09-17T15:30:38+00:00

Christoph
chris@inferno.nadir.org

2014-09-17T15:30:38+00:00

63783c1dc0a1e1749810162af169f0ffc0a237d5












clean up how /etc/hosts is generated so it doesn't require custom behavior depending on the services.
2014-06-04T21:19:55+00:00

elijah
elijah@riseup.net

2014-06-04T21:19:55+00:00

f991e8a4c877cff1d274fd1cac26488f8c3fda84












Change the initial firewall to subscribe to the rule file to be able to
2014-05-06T20:37:01+00:00

Micah Anderson
micah@leap.se

2014-05-06T20:37:01+00:00

0eff66a4bcf68b51c57493c0a80e0f3813476733

trigger changes, make the default ipv6 firewall subscribe to shorewall6,
if it exists, and finally reject all outgoing IPv6 packets.

All of this will complete the platform-side of route IPv6 through
OpenVPN gateway, and block it. (Feature #4163)

Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810





trigger changes, make the default ipv6 firewall subscribe to shorewall6,
if it exists, and finally reject all outgoing IPv6 packets.

All of this will complete the platform-side of route IPv6 through
OpenVPN gateway, and block it. (Feature #4163)

Change-Id: Icf6d582063ed01d304658b740a565057ee4e6810







initial firewall: allow port 22 by default. This is the most common port
2014-04-24T18:59:33+00:00

Micah Anderson
micah@leap.se

2014-04-24T18:55:46+00:00

640c63ef377abe7a4461ab417c27057313613830

that sshd will be listening to in a default setup. This needs to be
allowed so that you can have a different port configured in the
hiera and not get locked out during deployment (#5119)

Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b





that sshd will be listening to in a default setup. This needs to be
allowed so that you can have a different port configured in the
hiera and not get locked out during deployment (#5119)

Change-Id: Ie101eaaf440415ddb276621c369da7f67f409c2b







include "127.0.1.1 @domain_public @api['domain']"  in /etc/hosts for nagios webapp log check
2014-02-27T17:28:54+00:00

varac
varacanero@zeromail.org

2014-02-27T15:41:05+00:00

2887bbbac9f350c0912e3b2bf8fd643994eaee84












fix initial firewall to allow outgoing lo traffic and outgoing port 443 (#3736)
2013-09-05T02:46:56+00:00

Micah Anderson
micah@leap.se

2013-09-05T02:46:56+00:00

f9ee40f2fca2396c1ef7d85a9c44b97fe834671a

this allows nameserver queries to the local resolver to work and clones to the
leap https repository to work

Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48





this allows nameserver queries to the local resolver to work and clones to the
leap https repository to work

Change-Id: I575d08405a0c28e12c8d201a8dbc79585a5a9a48







install a preliminary firewall that blocks everything, except ssh for the cases when shorewall doesn't properly come up, ensuring that it fails safe (#3339)
2013-08-22T13:43:20+00:00

Micah Anderson
micah@leap.se

2013-08-20T23:45:56+00:00

3cdebf3ebe73cb2859dc852dcc73a8ee2d60e976

Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38





Change-Id: Id4f0bf6cf25f420aa2ad67635b37ae95f54e3d38







ensure that /etc/hosts is output deterministically, so that content does not change each time you deploy.
2013-07-11T04:45:51+00:00

elijah
elijah@riseup.net

2013-07-11T04:45:51+00:00

0e7b47380edb2af6683a0cdc871eaa60a4101f5c