Andrew Bogott has submitted this change and it was merged.
Change subject: Limit LDAP access to internal
......................................................................
Limit LDAP access to internal
Note that the current ldap::firewall rules are not yet activated, they're
only defined, but ferm is not enabled on neptunium or nembus
Bug: T102481
Change-Id: Idb3bfed0f3677bbfaf2a47e6e4fef4df0523085c
---
M modules/ldap/manifests/server.pp
1 file changed, 2 insertions(+), 2 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/ldap/manifests/server.pp b/modules/ldap/manifests/server.pp
index 24e338d..f932e65 100644
--- a/modules/ldap/manifests/server.pp
+++ b/modules/ldap/manifests/server.pp
@@ -18,11 +18,11 @@
}
ferm::rule { 'ldap_private_labs':
- rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (ldap
ldaps) ACCEPT;',
+ rule => 'saddr (10.0.0.0/8 208.80.152.0/22) daddr (10.0.0.0/8
208.80.152.0/22) proto tcp dport (ldap ldaps) ACCEPT;',
}
ferm::rule { 'ldap_backend_private_labs':
- rule => 'saddr (10.0.0.0/8 208.80.152.0/22) proto tcp dport (1389
1636) ACCEPT;',
+ rule => 'saddr (10.0.0.0/8 208.80.152.0/22) daddr (10.0.0.0/8
208.80.152.0/22) proto tcp dport (1389 1636) ACCEPT;',
}
}
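Review bot: the network list `(10.0.0.0/8 208.80.152.0/22)` is now written out four times across `ldap_private_labs` and `ldap_backend_private_labs` (once each for `saddr` and `daddr`), so a later edit to one copy can leave the source and destination sets out of sync. Define the list once, as a Puppet variable or a ferm definition, and reference it in both rules. The added `daddr` match also carries no comment on why the destination is restricted. A one-line comment above each `ferm::rule` would help, particularly because 208.80.152.0/22 is not RFC 1918 space while the rule names say "private". Since the commit message states ferm is not enabled on the LDAP hosts, these rules are untested in place; verify them against LDAP clients on both ranges before ferm is turned on.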
--
To view, visit https://gerrit.wikimedia.org/r/222567
Gerrit-MessageType: merged
Gerrit-Change-Id: Idb3bfed0f3677bbfaf2a47e6e4fef4df0523085c
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>