Merge Request #18
← To merge requests
From
add_to_fix_external_firewall
into
fix_external_firewall
Commits (1)
3 participants
-
Do we really need to open both ways? I would expect FORWARD to work only using line 12.
-
Edit: git pull/push working properly on port 22
Whenever we remove line 13, it logs:
FORWARD: SRC=[integration] DST=[user in external network] SPT=22 DPT=[high port] ACK SYN.
In this case, I believe we do need to forward the responses to the other side. Would that be a problem? I also tested these new rules git communications on port 22 (basically pull and push) and it works fine.
-
Makes sense. Ok! :)
-
mentioned in commit ae616f4df74b6e7bab644a725094ec3e49401939
started a discussion
on the diff
cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb
| 7 | 7 | |
| 8 | 8 | # Real SSH connection |
| 9 | 9 | -A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport <%= node['config']['alt_ssh_port'] %> -j ACCEPT |
| 10 | + | |
| 11 | +# Allow forwarding to integration on port 22 | |
| 3 |
|
|
