system-config

History

Clark Boylan 94eb7e5d2b Set iptables forward drop by default Docker wants to set FORWARD DROP but our existing rules set FORWARD ACCEPT. To avoid these two services fighting over each other and to simplify testing lets default to FORWARD DROP too. None of our servers should act as routers currently. If we resurrect infracloud or if we deploy k8s this may change but today this should be fine and be a safer ruleset. Change-Id: I5f19233129cf54eb70beb335c7b6224f0836096c	2018-12-14 10:33:26 -08:00
..
rules.v4.j2	Set iptables forward drop by default	2018-12-14 10:33:26 -08:00
rules.v6.j2	Set iptables forward drop by default	2018-12-14 10:33:26 -08:00

Clark Boylan 94eb7e5d2b Set iptables forward drop by default

Docker wants to set FORWARD DROP but our existing rules set FORWARD
ACCEPT. To avoid these two services fighting over each other and to
simplify testing lets default to FORWARD DROP too.

None of our servers should act as routers currently. If we resurrect
infracloud or if we deploy k8s this may change but today this should be
fine and be a safer ruleset.

Change-Id: I5f19233129cf54eb70beb335c7b6224f0836096c

2018-12-14 10:33:26 -08:00

rules.v4.j2

Set iptables forward drop by default

2018-12-14 10:33:26 -08:00

rules.v6.j2

Set iptables forward drop by default

2018-12-14 10:33:26 -08:00