Dzahn has submitted this change and it was merged.

Change subject: tor-relay - add firewalling
......................................................................


tor-relay - add firewalling

as requested in #7971, let this
have strict ferm rules before using it
on radium

base::firewall added to radium in separate change

Change-Id: Ie800d4ef97563dc4bdeefc2d58c5562ae3e3ae2b
RT: 7971
---
M modules/tor/manifests/init.pp
1 file changed, 23 insertions(+), 0 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/tor/manifests/init.pp b/modules/tor/manifests/init.pp
index 2c6cc00..b1ba575 100644
--- a/modules/tor/manifests/init.pp
+++ b/modules/tor/manifests/init.pp
@@ -35,4 +35,27 @@
         ensure  => 'running',
         require => Package['tor'],
     }
+
+    # TC - Tor control protocol, private
+    # 
https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=control-spec.txt
+    ferm::service { 'tor_controlport':
+        desc   => 'control port for the tor relay',
+        proto  => 'tcp',  # can be TCP, TLS-over-TCP, or Unix-domain socket
+        port   => $tor_controlport,
+        srange => $::INTERNAL, # keep private for security!
+    }
+
+    # actual Tor port where clients connect, public
+    ferm::service { 'tor_orport':
+        desc   => 'port for the actual Tor client connections',
+        proto  => 'tcp',
+        port   => $tor_orport,
+    }
+
+    # for serving directory updates, public
+    ferm::service { 'tor_dirport':
+        desc   => 'port advertising the directory service',
+        proto  => 'tcp',
+        port   => $tor_dirport,
+    }
 }
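Review bot: In the `tor_controlport` rule, `srange => $::INTERNAL` opens the control port to every internal address, which is wider than a control channel warrants, since anything that can reach and authenticate to that port can reconfigure the relay. If the controller only ever runs on the relay host itself, this rule can be dropped and the port left to loopback or a Unix-domain socket. Otherwise, narrow `srange` to the specific management hosts. The inline comment on `proto => 'tcp'` ("can be TCP, TLS-over-TCP, or Unix-domain socket") describes the control protocol's transports rather than anything this firewall rule accepts, so it would read better next to the spec link above the resource. Finally, `$tor_controlport`, `$tor_orport` and `$tor_dirport` are not defined anywhere in this hunk. It is worth confirming that they are class parameters and that they carry the same values written to the torrc, so the firewall and the daemon cannot drift apart.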

-- 
To view, visit https://gerrit.wikimedia.org/r/167159
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie800d4ef97563dc4bdeefc2d58c5562ae3e3ae2b
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
