Re: [openstack-dev] [openstack-ansible][security] To firewalld, or not to firewalld

2017-08-03 Thread Logan V.
Ferm DSL is nice and featureful. There's a pretty sophisticated debops ferm role at [1] allowing for pretty sophisticated rule definitions [2]. Structurally I think the most important thing is having the ability to define rules in layers based on host_vars, group_vars, etc. and have them blended to

Re: [openstack-dev] [openstack-ansible][security] To firewalld, or not to firewalld

2017-08-02 Thread Major Hayden
On 08/02/2017 03:57 AM, Mark Goddard wrote: > The solution we built used a conf.d/ mechanism layered on top of iptables. An > advantage of this approach is that operators or co-resident software stacks > could add their own rules to the firewall. AFAIK, this is not generally > possible when usin

Re: [openstack-dev] [openstack-ansible][security] To firewalld, or not to firewalld

2017-08-02 Thread Mark Goddard
In my previous job we had to build a firewall solution for our OpenStack control plane. Our research found that firewalld may have a habit of 'fighting' against the rules added by certain OpenStack services. This was over a year ago, so things may have changed. We didn't pursue firewalld as a solut

Re: [openstack-dev] [openstack-ansible][security] To firewalld, or not to firewalld

2017-07-27 Thread Markos Chandras
On 07/26/2017 05:59 PM, Major Hayden wrote: > > firewalld disadvantages > --- > 1) Different distributions have different base rule sets Also different distributions offer different versions of firewalld, which means different behavior and possibly bugs between them. The Ansible

Re: [openstack-dev] [openstack-ansible][security] To firewalld, or not to firewalld

2017-07-27 Thread Mark Mielke
On Thu, Jul 27, 2017 at 2:31 AM, Jean-Philippe Evrard < jean-phili...@evrard.me> wrote: > > For ppl who aren't iptables experts, firewalld module brings a lot of > readability. > If we are doing the tasks equivalent with iptables, the readability will > be brought in by variables (I mean variables

Re: [openstack-dev] [openstack-ansible][security] To firewalld, or not to firewalld

2017-07-26 Thread Jean-Philippe Evrard
Hello, A few additions for/against firewalld, linked to ansible's firewalld module: http://docs.ansible.com/ansible/latest/firewalld_module.html +: The module is built-in, so no need to ship it. It provides idempotency, and is easy to use. -: The module is: "Not tested on any Debian based system

[openstack-dev] [openstack-ansible][security] To firewalld, or not to firewalld

2017-07-26 Thread Major Hayden
Hey there, I'm working through some drafts of a spec[0] (rendered[1]) that aims to deploy software firewalls within an OpenStack-Ansible deployment. The goal is to increase security by restricting lateral movement. One of the questions that was r