Age | Commit message | Author | |
---|---|---|---|
2014-05-02 | fix incorrect shorewall parameter name 'protocol', should be 'proto' | Micah Anderson | |
Change-Id: I9c6c798b174228d44d01b55f2a4aa19458e2da8d | |||
2014-04-29 | block DNS traffic at the OpenVPN gateway (#4164) | Micah Anderson | |
There are many different edge cases where mac and windows clients (and maybe android too) will revert to using a different DNS server than the one specified by openvpn. This is bad news for security reasons. The client is being designed so it doesn't leak DNS, however we don't want to put all of our eggs in one basket, so this will block outgoing port 53 (udp and tcp) on the gateway's firewall from any of the EIP interfaces (thus not blocking DNS access on the gateway itself). Change-Id: I84dcfec7fb591cf7e6b356b66b9721feda188177 | |||
2013-05-16 | special casing for pistoncloud/openstack/ec2 | Micah Anderson | |
2013-04-30 | minor spacing changes | Micah Anderson | |
2013-04-30 | setup a site_config::params class that can be used to set some common variables that are used in different places to start with we setup the $interface variable, based on logic as defined in #2213 change the various places that were looking up this value to use site_config::params::interface instead | Micah Anderson | |
2013-03-17 | added support for "limited" service levels (although vpn is not yet actually rate limited). | elijah | |
2013-02-26 | missed another require => Package['shorewall'] on the file resources in site_shorewall | Micah Anderson | |
2013-02-06 | allow outgoing traffic moved to site_shorewall::defaults | varac | |
2013-02-06 | Restructuring site_shorewall | varac | |
site_shorewall::defaults can be used on every host, it configures a basic firewall, which blocks everything from outside except ping + ssh, and allows outgoing traffic for http, git, dns. | |||
2013-01-30 | start shorewall on vagrant nodes too (#1467) | varac | |
2013-01-29 | fix variable name for re-ordered fact | Micah Anderson | |
2013-01-29 | setup special casing for vagrant/virtualbox | Micah Anderson | |
2013-01-29 | fix variable scoping | Micah Anderson | |
2013-01-29 | create a special case for vagrant machines that need to have both interfaces in the net zone so we don't lock ourselves out during deploy, but also are able to access the internet | Micah Anderson | |
2013-01-29 | enclose the variables in curly braces, as recommended by puppet-lint | Micah Anderson | |
2013-01-29 | add a new fact that provides a fact for each configured ip address, telling you which interface has it (essentially the inverse of the ipaddress_${interface} fact). Switch the hiera lookups of the $interface, which was pulling from the .json to pull instead from the above fact, see #1547 and #1548 | Micah Anderson | |
2013-01-29 | start shorewall on deploy (fixes #1122) | varac | |
2012-11-21 | move site_config::eip to site_openvpn (Feature #943) | varac | |
2012-11-06 | duplicate definition after merge | varac | |
2012-11-06 | fixed unseen merge conflicts | varac | |
2012-11-06 | Merge branch 'feature/couchdb' into develop | varac | |
Conflicts: puppet/modules/site_shorewall/manifests/eip.pp | |||
2012-11-02 | accept all outgoing traffic on eip gw | varac | |
2012-10-30 | add dnat rule to redirect other ports to port 1194 | varac | |
2012-10-30 | start shorewall by default | varac | |
2012-10-29 | differentiate masq definition names | varac | |
2012-10-29 | configure tcp+udp masquerading | varac | |
2012-10-29 | configure tcp masquerading | varac | |
2012-10-29 | pass ssh_port to shorewall | varac | |
2012-10-29 | put in double quotes | varac | |
2012-10-29 | move interface definition for eth0 to eip.pp, use variable | varac | |
2012-10-29 | linted | varac | |
2012-10-25 | replace hardcoded interface eth0 with hiera variable | varac | |
2012-10-09 | shorewall: need to specify protocol | varac | |
2012-10-09 | shorewall: made rules more precise, use own macro | varac | |
2012-10-08 | no virtual IFs in shorewall | varac | |
2012-10-08 | Support for the norfc1918 interface option has been removed from Shorewall | varac | |
2012-10-08 | cleaned eip.pp, added second main if | varac | |
2012-10-08 | shorewall: reorder policy | varac | |
2012-10-08 | shorewall: allow git access for | varac | |
2012-10-08 | shorewall: allow git access for | varac | |
2012-10-08 | shorewall: policy: accept eip2all | varac | |
2012-10-08 | shorewall: add empty source for masq | varac | |
2012-10-08 | shorewall: + https, masquerading | varac | |
2012-10-08 | shorewall: + dns,http | varac | |
2012-10-08 | second if for site_shorewall::eip | varac | |
2012-10-08 | + site_shorewall::eip | varac | |