Forum: Cfengine Help
Subject: Re: please advise on cfengine3 security design best practices
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19246,19248#msg-19248
unxxhd01|configa01::
allowallconnects => { @{g.client_networks} };
!(unxxhd01|configa01)::
allowallconnects => { "${g.phost}" };
trustkeysfrom => { "${g.phost}" };
unxxhd01 and configa01 are my CF policy servers. So these servers trust
connections from a list of networks I supply. All other hosts only trust the
policy host.
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
