pyroman/Fedora 02_icmp-essentials.py, 1.1.1.1, 1.2 20_services.py, 1.1.1.1, 1.2 25_networks.py, 1.1.1.1, 1.2 30_proxies.py, 1.1.1.1, 1.2 31_apps.py, 1.1.1.1, 1.2 33_cvs.py, 1.1.1.1, 1.2
Luke Macken (lmacken)
fedora-extras-commits at redhat.com
Fri Jul 14 16:46:23 UTC 2006
Author: lmacken
Update of /cvs/fedora/pyroman/Fedora
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20549
Modified Files:
02_icmp-essentials.py 20_services.py 25_networks.py
30_proxies.py 31_apps.py 33_cvs.py
Log Message:
minor tweaks and cleanups
Index: 02_icmp-essentials.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/02_icmp-essentials.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 02_icmp-essentials.py 6 Jul 2006 19:36:25 -0000 1.1.1.1
+++ 02_icmp-essentials.py 14 Jul 2006 16:46:20 -0000 1.2
@@ -22,9 +22,9 @@
iptables("USR_icmp", "-p icmp --icmp-type router-advertisement -j DROP")
iptables("USR_icmp", "-p icmp --icmp-type router-advertisement -j DROP")
iptables("USR_icmp", "-p icmp --icmp-type destination-unreachable -j ACCEPT")
-iptables("OUTPUT", "-p icmp --icmp-type destination-unreachable -j ACCEPT")
-iptables("OUTPUT", "-p icmp --icmp-type time-exceeded -j ACCEPT")
-iptables("OUTPUT", "-p icmp --icmp-type echo-request -j ACCEPT")
+#iptables("OUTPUT", "-p icmp --icmp-type destination-unreachable -j ACCEPT")
+#iptables("OUTPUT", "-p icmp --icmp-type time-exceeded -j ACCEPT")
+#iptables("OUTPUT", "-p icmp --icmp-type echo-request -j ACCEPT")
iptables("FORWARD","-p icmp --icmp-type destination-unreachable -j ACCEPT")
iptables("FORWARD","-p icmp --icmp-type time-exceeded -j ACCEPT")
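Review bot: The three OUTPUT rules for destination-unreachable, time-exceeded and echo-request are commented out rather than removed, and nothing says why. Whether this host can still send pings and ICMP error messages now depends on the OUTPUT chain's policy or on an earlier rule, neither of which is visible in this hunk. If OUTPUT defaults to DROP, outbound ping and the ICMP errors that path-MTU discovery and traceroute rely on would be dropped. Either delete the lines or put a reason above them, e.g. `# OUTPUT ICMP is accepted elsewhere (name the rule/file here); kept for reference`. The context lines also show the router-advertisement DROP rule twice in a row, which looks like a leftover duplicate.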
Index: 20_services.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/20_services.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 20_services.py 6 Jul 2006 19:36:25 -0000 1.1.1.1
+++ 20_services.py 14 Jul 2006 16:46:20 -0000 1.2
@@ -6,7 +6,6 @@
Ports can be given with their names (as of /etc/services), with port ranges
(in iptables syntax, i.e. 12:34) trailed by their protocol (12:34/tcp)
"""
-### these are shorthands for very common services
## Ping
add_service("ping", dports="echo-request/icmp")
Index: 25_networks.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/25_networks.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 25_networks.py 6 Jul 2006 19:36:25 -0000 1.1.1.1
+++ 25_networks.py 14 Jul 2006 16:46:20 -0000 1.2
@@ -2,10 +2,10 @@
Define the networks available here, or more precisely "hostgroups".
Many of your policy rules will probably target whole subnets.
"""
-## Internal network
+## phx.redhat.com network
add_host(
- name="INT",
- ip="10.8.34.0/24",
+ name="PHX",
+ ip="10.8.34.0/24 10.8.32.0/24 10.8.31.0/24",
iface="eth0"
)
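Review bot: The hostgroup grows from one /24 to three while being renamed, so every rule that names it now also admits 10.8.32.0/24 and 10.8.31.0/24. In this commit that means ssh to app1/app2 (31_apps.py) and cvs/git to cvs-int (33_cvs.py). That is a policy widening rather than a cleanup, and it deserves a comment recording what each subnet is, e.g. `## phx.redhat.com networks: 10.8.34.0/24 (former INT), 10.8.32.0/24 and 10.8.31.0/24 (purpose to be filled in)`. Any rule file outside this commit that still uses `client="INT"` would presumably stop resolving after the rename, so a search for the old name is worth doing before this is deployed.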
Index: 30_proxies.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/30_proxies.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 30_proxies.py 6 Jul 2006 19:36:25 -0000 1.1.1.1
+++ 30_proxies.py 14 Jul 2006 16:46:20 -0000 1.2
@@ -40,13 +40,5 @@
client = "ANY",
server = "proxy1.fedora.phx.redhat.com proxy2.fedora.phx.redhat.com " + \
"proxy3.fedora.phx.redhat.com proxy4.fedora.phx.redhat.com",
- service = "www ping"
-)
-
-## Let internal hosts ssh in
-allow(
- client = "INT",
- server = "proxy1.fedora.phx.redhat.com proxy2.fedora.phx.redhat.com " + \
- "proxy3.fedora.phx.redhat.com proxy4.fedora.phx.redhat.com",
- service = "ssh"
+ service = "www ping ssh"
)
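Review bot: Folding `ssh` into the `client = "ANY"` rule exposes ssh on proxy1–proxy4 to every source address, where the removed block limited it to the internal hostgroup. Nothing in the log message ("minor tweaks and cleanups") suggests this widening is intended, and internet-facing sshd on the proxies invites password guessing and puts any sshd flaw directly in reach. Unless public ssh is a deliberate decision, keep the ANY rule at `www ping` and retain a separate ssh rule scoped to the renamed `PHX` group, as sketched below. The `allow(` call this hunk edits opens above the first context line, so its earlier arguments are not visible here.

```python
# … unchanged: allow( client = "ANY", server = proxy1–proxy4 …
    service = "www ping"
)

## Let PHX hosts ssh in
allow(
    client = "PHX",
    server = "proxy1.fedora.phx.redhat.com proxy2.fedora.phx.redhat.com " + \
             "proxy3.fedora.phx.redhat.com proxy4.fedora.phx.redhat.com",
    service = "ssh"
)
```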
Index: 31_apps.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/31_apps.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 31_apps.py 6 Jul 2006 19:36:25 -0000 1.1.1.1
+++ 31_apps.py 14 Jul 2006 16:46:20 -0000 1.2
@@ -22,7 +22,7 @@
)
allow(
- client="INT",
+ client="PHX",
server="app1.fedora.phx.redhat.com app2.fedora.phx.redhat.com",
service="ssh"
)
Index: 33_cvs.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/33_cvs.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 33_cvs.py 6 Jul 2006 19:36:25 -0000 1.1.1.1
+++ 33_cvs.py 14 Jul 2006 16:46:20 -0000 1.2
@@ -15,7 +15,7 @@
)
allow(
- client="INT",
+ client="PHX",
server="cvs-int.fedora.phx.redhat.com",
service="cvs git ping"
)