| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-04-02 | shorewall: re-order dnat rule variables to match configuration file order | Micah Anderson | |
| 2013-04-02 | replace hard-coded port number with hiera determined one, manipulated to ↵ | Micah Anderson | |
| remove the 'ip:' from the beginning in bigcouch replication client stunnels | |||
| 2013-04-02 | firewall: remove no longer needed epmd port | Micah Anderson | |
| 2013-04-02 | shorewall: | Micah Anderson | |
| create a macro for the bigcouch replication server stunnel to enable these connections pulling bigcouch_replication_clients, bigcouch_replication_server_port from hiera create site_shorewall::couchdb::dnat and create_resources to properly setup DNAT for bigcouch_replication_clients | |||
| 2013-04-02 | remove unnecessary class inheritance | Micah Anderson | |
| 2013-04-02 | shorewall: add couch_server stunnel port to macro.leap_couchdb, this is ↵ | Micah Anderson | |
| necessary for the stunnel to communicate | |||
| 2013-04-02 | start erlang vm on dedicated port so firewalling is easier | varac | |
| 2013-04-02 | added site_shorewall::couchdb::bigcouch | varac | |
| bigcouch cluster protocol communicate via the fqdn of the neighbor hosts. So we need to bend all requests to <fqdn>:4369 to localhost:400x (which is the entry of an stunnel connection to the other neighbor) | |||
| 2013-04-02 | added site_shorewall::dnat to configure DNAT rules | varac | |
| 2013-04-02 | shorewall couchdb config: get open ports right | varac | |
| 2013-04-02 | working on stunnel for bigcouch clustering | varac | |
| 2013-03-17 | added support for "limited" service levels (although vpn is not yet actually ↵ | elijah | |
| rate limited). | |||
| 2013-02-27 | openvpn -- added support for optional "free" rate-limited service via ↵ | elijah | |
| special client certificates with the FREE prefix in the common name. | |||
| 2013-02-26 | missed another require => Package['shorewall'] on the file resources in ↵ | Micah Anderson | |
| site_shorewall | |||
| 2013-02-12 | missed one require => Package['shorewall'] on of the file resources in ↵ | Micah Anderson | |
| site_shorewall | |||
| 2013-02-12 | file resources that make changes to shorewall need to make sure that ↵ | Micah Anderson | |
| shorewall is installed first (#1741) | |||
| 2013-02-12 | fixed shorewall is blocking api port (Bug #1735) | varac | |
| 2013-02-11 | duplicate shortwall service definitions now inclduded from services/* | varac | |
| 2013-02-09 | site_shorewall::monitor: allow port 80 + 443 | varac | |
| 2013-02-06 | allow outgoing traffic moved to site_shorewall::defaults | varac | |
| 2013-02-06 | allow port 80 to tor server | varac | |
| 2013-02-06 | configure shorewall for couchdb, tor, webapp | varac | |
| 2013-02-06 | allow all outgoing traffic | varac | |
| 2013-02-06 | Restructuring site_shorewall | varac | |
| site_shorewall::defaults can be used on every host, it configures a basic firewall, which blocks everything from outside except ping + ssh, and allows outgoing traffic for http, git, dns. | |||
| 2013-01-30 | start shorewall on vagrant nodes too (#1467) | varac | |
| 2013-01-29 | fix variable name for re-ordered fact | Micah Anderson | |
| 2013-01-29 | setup special casing for vagrant/virtualbox | Micah Anderson | |
| 2013-01-29 | fix variable scoping | Micah Anderson | |
| 2013-01-29 | create a special case for vagrant machines that need to have both interfaces in | Micah Anderson | |
| the net zone so we dont lock ourselves out during deploy, but also are able to access the internet | |||
| 2013-01-29 | enclose the variables in curly braces, as recommended by puppet-lint | Micah Anderson | |
| 2013-01-29 | add a new fact that provides a fact for each configured ip address, telling you | Micah Anderson | |
| which interface has it (essentially the inverse of the ipaddress_${interface} fact). Switch the hiera lookups of the $interface, which was pulling from the .json to pull instead from the above fact, see #1547 and #1548 | |||
| 2013-01-29 | start shorewall on deploy (fixes #1122) | varac | |
| 2013-01-17 | require the augeas class before doing any augeas operations (#1215) | Micah Anderson | |
| 2012-12-14 | no need for sections in shorewall rules | varac | |
| from the shorewall-rules manpage: "If no Section Headers appear in the file then all rules are assumed to be in the NEW section." | |||
| 2012-12-04 | set ip_forwarding using augeas | Micah Anderson | |
| 2012-11-21 | move site_config::eip to site_openvpn (Feature #943) | varac | |
| 2012-11-06 | duplicate definition after merge | varac | |
| 2012-11-06 | fixed unseen merge conflicts | varac | |
| 2012-11-06 | Merge branch 'feature/couchdb' into develop | varac | |
| Conflicts: puppet/modules/site_shorewall/manifests/eip.pp | |||
| 2012-11-02 | accept all outgoing traffic on eip gw | varac | |
| 2012-10-30 | add dnat rule to redirect other ports to port 1194 | varac | |
| 2012-10-30 | start shorewall by default | varac | |
| 2012-10-29 | differentiate masq definition names | varac | |
| 2012-10-29 | configure tcp+udp masquerading | varac | |
| 2012-10-29 | configure tcp masquerading | varac | |
| 2012-10-29 | pass ssh_port to shorewall | varac | |
| 2012-10-29 | put in double quotes | varac | |
| 2012-10-29 | move interface definition for eth0 to eip.pp, use variable | varac | |
| 2012-10-29 | linted | varac | |
| 2012-10-25 | replace hardcoded interface eth0 with hiera variable | varac | |
 |
index : leap_platform.git | |
| [leap_platform] | git repository hosting |
| summaryrefslogtreecommitdiff |