pyroman/Fedora 02_icmp-essentials.py, 1.1.1.1, 1.2 20_services.py, 1.1.1.1, 1.2 25_networks.py, 1.1.1.1, 1.2 30_proxies.py, 1.1.1.1, 1.2 31_apps.py, 1.1.1.1, 1.2 33_cvs.py, 1.1.1.1, 1.2

Luke Macken (lmacken) fedora-extras-commits at redhat.com
Fri Jul 14 16:46:23 UTC 2006


Author: lmacken

Update of /cvs/fedora/pyroman/Fedora
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20549

Modified Files:
	02_icmp-essentials.py 20_services.py 25_networks.py 
	30_proxies.py 31_apps.py 33_cvs.py 
Log Message:
minor tweaks and cleanups


Index: 02_icmp-essentials.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/02_icmp-essentials.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 02_icmp-essentials.py	6 Jul 2006 19:36:25 -0000	1.1.1.1
+++ 02_icmp-essentials.py	14 Jul 2006 16:46:20 -0000	1.2
@@ -22,9 +22,9 @@
 iptables("USR_icmp", "-p icmp --icmp-type router-advertisement -j DROP")
 iptables("USR_icmp", "-p icmp --icmp-type router-advertisement -j DROP")
 iptables("USR_icmp", "-p icmp --icmp-type destination-unreachable -j ACCEPT")
-iptables("OUTPUT", "-p icmp --icmp-type destination-unreachable -j ACCEPT")
-iptables("OUTPUT", "-p icmp --icmp-type time-exceeded -j ACCEPT")
-iptables("OUTPUT", "-p icmp --icmp-type echo-request -j ACCEPT")
+#iptables("OUTPUT", "-p icmp --icmp-type destination-unreachable -j ACCEPT")
+#iptables("OUTPUT", "-p icmp --icmp-type time-exceeded -j ACCEPT")
+#iptables("OUTPUT", "-p icmp --icmp-type echo-request -j ACCEPT")
 iptables("FORWARD","-p icmp --icmp-type destination-unreachable -j ACCEPT")
 iptables("FORWARD","-p icmp --icmp-type time-exceeded -j ACCEPT")
 
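Review bot: The three OUTPUT rules are commented out rather than deleted, and nothing in the hunk says why. Whether the host can still send destination-unreachable, time-exceeded and echo-request depends on the OUTPUT chain's policy, which is not visible here; if that policy drops by default, outbound ping and the ICMP errors that peers rely on for path-MTU discovery would stop. I would either delete the lines or put the reason above them, for example `# OUTPUT ICMP rules disabled: <reason>; outbound ICMP is covered by <chain/policy>`. Separately, the router-advertisement DROP rule appears twice in the context lines at the top of the hunk, so one copy is presumably redundant or was meant to name a different ICMP type.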


Index: 20_services.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/20_services.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 20_services.py	6 Jul 2006 19:36:25 -0000	1.1.1.1
+++ 20_services.py	14 Jul 2006 16:46:20 -0000	1.2
@@ -6,7 +6,6 @@
 Ports can be given with their names (as of /etc/services), with port ranges
 (in iptables syntax, i.e. 12:34) trailed by their protocol (12:34/tcp)
 """
-### these are shorthands for very common services
 
 ## Ping
 add_service("ping", dports="echo-request/icmp")


Index: 25_networks.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/25_networks.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 25_networks.py	6 Jul 2006 19:36:25 -0000	1.1.1.1
+++ 25_networks.py	14 Jul 2006 16:46:20 -0000	1.2
@@ -2,10 +2,10 @@
 Define the networks available here, or more precisely "hostgroups".
 Many of your policy rules will probably target whole subnets.
 """
-## Internal network
+## phx.redhat.com network
 add_host(
-	name="INT",
-	ip="10.8.34.0/24",
+	name="PHX",
+	ip="10.8.34.0/24 10.8.32.0/24 10.8.31.0/24",
 	iface="eth0"
 )
 
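Review bot: The hostgroup grows from one /24 to three in the `ip=` line, so every rule with `client="PHX"` now also admits 10.8.32.0/24 and 10.8.31.0/24; in this commit that is ssh to app1/app2 in 31_apps.py and cvs/git/ping to cvs-int in 33_cvs.py. The header `## phx.redhat.com network` does not say what the added subnets are, so a reader cannot tell whether they should have that access; a comment per subnet would help, e.g. `# 10.8.32.0/24: <purpose>`. The rename also means any rule outside this commit that still says `client="INT"` would name a hostgroup that no longer exists, which is worth a grep across the rule files before this is deployed.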


Index: 30_proxies.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/30_proxies.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 30_proxies.py	6 Jul 2006 19:36:25 -0000	1.1.1.1
+++ 30_proxies.py	14 Jul 2006 16:46:20 -0000	1.2
@@ -40,13 +40,5 @@
     client = "ANY",
     server = "proxy1.fedora.phx.redhat.com proxy2.fedora.phx.redhat.com " + \
 	     "proxy3.fedora.phx.redhat.com proxy4.fedora.phx.redhat.com",
-    service = "www ping"
-)
-
-## Let internal hosts ssh in
-allow(
-    client = "INT",
-    server = "proxy1.fedora.phx.redhat.com proxy2.fedora.phx.redhat.com " + \
-	     "proxy3.fedora.phx.redhat.com proxy4.fedora.phx.redhat.com",
-    service = "ssh"
+    service = "www ping ssh"
 )
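Review bot: Folding ssh into `service = "www ping ssh"` changes who may reach sshd on proxy1 to proxy4: the removed block limited ssh to the internal hostgroup, while this rule has `client = "ANY"`. That is a wider exposure than the log message "minor tweaks and cleanups" suggests. If the intent was only to follow the INT to PHX rename, keep `service = "www ping"` here and retain the separate ssh `allow(...)` block with `client = "PHX"`. If ssh from anywhere is intended, a comment above the rule saying so would record the decision. The `allow(` call opens above the hunk, so any comment heading it is not visible here.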


Index: 31_apps.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/31_apps.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 31_apps.py	6 Jul 2006 19:36:25 -0000	1.1.1.1
+++ 31_apps.py	14 Jul 2006 16:46:20 -0000	1.2
@@ -22,7 +22,7 @@
 )
 
 allow(
-    client="INT",
+    client="PHX",
     server="app1.fedora.phx.redhat.com app2.fedora.phx.redhat.com",
     service="ssh"
 )


Index: 33_cvs.py
===================================================================
RCS file: /cvs/fedora/pyroman/Fedora/33_cvs.py,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- 33_cvs.py	6 Jul 2006 19:36:25 -0000	1.1.1.1
+++ 33_cvs.py	14 Jul 2006 16:46:20 -0000	1.2
@@ -15,7 +15,7 @@
 )
 
 allow(
-    client="INT",
+    client="PHX",
     server="cvs-int.fedora.phx.redhat.com",
     service="cvs git ping"
 )



