summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Clinton Ebadi [Fri, 7 Sep 2012 05:35:20 +0000 (01:35 -0400)]
Release
Clinton Ebadi [Fri, 7 Sep 2012 05:22:51 +0000 (01:22 -0400)]
Include service firewall rules
Instead of a per-machine package, keep the ports with the service for
now. Ideally domtool would handle all of this.
Clinton Ebadi [Thu, 29 Mar 2012 06:48:44 +0000 (02:48 -0400)]
Basic restrictive firewall
* Only open ports needed for kerberos, afs, ntp, dns requests, ssh
* Only root can open http connections (for apt)
* Outgoing icmp requests disabled for now -- this was thh default,
not certain if there are any advantages/disadvantages to this
* Include local in/out ports using local conffiles (for now, fwtool
will surface properly eventually)