Muehlenhoff has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/363213 )
Change subject: Restrict http access to ununpentium
......................................................................
Restrict http access to ununpentium
rt.wikimedia.org is served via Varnish, so restrict to production
networks.
Now that it no longer needs SMTP access, it could also be removed to
a non-public address, but not sure if that's really worth the hassle.
Change-Id: Iebc3228fc69f133190a899bf883607c7a423812c
---
M modules/profile/manifests/requesttracker/server.pp
1 file changed, 3 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/13/363213/1
diff --git a/modules/profile/manifests/requesttracker/server.pp
b/modules/profile/manifests/requesttracker/server.pp
index 098b1a7..8c4ae6c 100644
--- a/modules/profile/manifests/requesttracker/server.pp
+++ b/modules/profile/manifests/requesttracker/server.pp
@@ -23,8 +23,8 @@
include ::base::firewall
ferm::service { 'rt-http':
- proto => 'tcp',
- port => '80',
+ proto => 'tcp',
+ port => '80',
+ srange => '$PRODUCTION_NETWORKS',
}
-
}
--
To view, visit https://gerrit.wikimedia.org/r/363213
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iebc3228fc69f133190a899bf883607c7a423812c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
