Include service firewall rules
authorClinton Ebadi <clinton@unknownlamer.org>
Fri, 7 Sep 2012 05:22:51 +0000 (01:22 -0400)
committerClinton Ebadi <clinton@unknownlamer.org>
Fri, 7 Sep 2012 05:22:51 +0000 (01:22 -0400)
Instead of a per-machine package, keep the ports with the service for
now. Ideally domtool would handle all of this.

debian/hcoop-firewall-config.dirs [new file with mode: 0644]
files/ferm.conf.hcoop

diff --git a/debian/hcoop-firewall-config.dirs b/debian/hcoop-firewall-config.dirs
new file mode 100644 (file)
index 0000000..27cc7de
--- /dev/null
@@ -0,0 +1,2 @@
+etc/ferm/service.in.d
+etc/ferm/service.out.d
\ No newline at end of file
index 2637c92..12c90d7 100644 (file)
@@ -29,6 +29,7 @@ table filter {
        proto (tcp udp) dport ( kerberos afs3-callback ) ACCEPT;
 
        # system ports
+       @include 'service.in.d/';
        @include 'local_ports_in.conf';
        #@include 'users_tcp_in.conf'
     }
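Review bot: The new `@include 'service.in.d/';` makes every file in that directory part of the inbound filter rules, and nothing in the hunk documents what a drop-in may contain or who may write there. As far as I recall, ferm loads all files of an included directory in alphabetical order, so a stray backup or half-edited file would presumably be loaded too; this is worth confirming against the ferm manual. I would add a comment above the include, such as `# service.in.d/: root-owned drop-ins shipped with each service; port ACCEPT rules only`, and make sure the packaged directory is root-owned and not group- or world-writable. The same applies to `service.out.d/` in the second hunk. The enclosing chain block starts outside this hunk, so the default policy these rules sit under is not visible here.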
@@ -53,6 +54,7 @@ table filter {
         # root needs port 80 for things like apt-get
        mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
 
+       @include 'service.out.d/';
        @include 'local_ports_out.conf';
        #include 'users_tcp_out.conf'
     }
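Review bot: Rules pulled in by `@include 'service.out.d/';` land at chain level, after the `mod owner uid-owner 0 { ... }` block, so a drop-in that ACCEPTs a destination port without its own owner match would open that egress to every local user. This assumes the chain otherwise restricts outbound traffic per uid, which the root-only rule suggests; the rest of the chain is outside the hunk. A comment above the include would state the expectation, e.g. `# service.out.d/: each ACCEPT must be scoped with mod owner uid-owner <service-user>`. Reviewing new drop-ins against that rule keeps a service package from silently widening egress.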