A couple of meetings ago someone mentioned the tool pyroman[0] in regard to managing the firewalls on our infrastructure. Since then, I've been playing around with this tool, and have been fairly impressed.
I've imported pyroman 0.3 along with a _basic_ Fedora infrastructure profile into cvs. I've added all of our PHX machines listed on InfrastructurePrivate, and added some other minor tweaks. It's not 100% ready for deployment yet, it still needs:
  o to allow traffic to most services on our machines
  o profiles for our machines at Duke
  o to be compared against our current rc.firewall script - I've ported over most of it (the stuff I could actually understand), but there might be some stuff I missed
  o LOTS of testing
The more testing and the more eyes we can get on this, the better. You should be able to hop on any machine and check it out of cvs:
cvs -d cvs-int.fedora.phx.redhat.com:/cvs/fedora co pyroman
From here, you can run `./pyroman --dump`, which will spit out all of the
chains instead of just trying to load them.
Hack away, infrastructure ninjas!
luke
On Thu, Jul 06, 2006 at 05:19:42PM -0400, Luke Macken wrote:
A couple of meetings ago someone mentioned the tool pyroman[0] in regard to managing the firewalls on our infrastructure. Since then, I've been playing around with this tool, and have been fairly impressed.
I've imported pyroman 0.3 along with a _basic_ Fedora infrastructure profile into cvs. I've added all of our PHX machines listed on InfrastructurePrivate, and added some other minor tweaks. It's not 100% ready for deployment yet, it still needs:
  o to allow traffic to most services on our machines
  o profiles for our machines at Duke
  o to be compared against our current rc.firewall script - I've ported over most of it (the stuff I could actually understand), but there might be some stuff I missed
  o LOTS of testing
We should probably toss ipv6 support on this list too.
luke
infrastructure@lists.fedoraproject.org