| Commit message | Author | Age | Files | Lines |
- Add verify_chain action to os_firewall_manage_iptables module
- Update os_firewall module to use os_firewall_manage_iptables for creating
  the DOCKER chain.
|
Random cleanup
|
- Fix variable references to os_firewall_{allow,deny} instead of {allow, deny}
- Fix ordering of service stop/start to ensure firewall rules are properly
  initiated after service startup
- Add test for package installed before attempting to disable or mask services
|
- Fix missed references to old firewall scripts
- Fix variable name references that didn't get updated
|
- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added an iptables firewall module for maintaining the following (in a mostly
  naive manner):
  - ensure the OPENSHIFT_ALLOW chain is defined
  - ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
  - adds or removes entries from the OPENSHIFT_ALLOW chain
  - issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
  - only allows setting of ports/protocols to open
  - no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
  until upstream support is in place for firewalld