From 7c29957ed9cc826521d30fed1b7469d5b46d8ec5 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Fri, 19 Apr 2019 15:52:56 +0100 Subject: [PATCH 1/3] Fix and consolidate firewall rules Most of them are already defined in the appropriate recipe. And one can be moved. (These are currently opened on every server for no reason.) --- .../5apps-xmpp_server/recipes/default.rb | 2 +- .../kosmos-base/recipes/firewall.rb | 24 ------------------- 2 files changed, 1 insertion(+), 25 deletions(-) diff --git a/site-cookbooks/5apps-xmpp_server/recipes/default.rb b/site-cookbooks/5apps-xmpp_server/recipes/default.rb index bfb1d13..0dd353f 100644 --- a/site-cookbooks/5apps-xmpp_server/recipes/default.rb +++ b/site-cookbooks/5apps-xmpp_server/recipes/default.rb @@ -10,7 +10,7 @@ unless node.chef_environment == "development" include_recipe "firewall" firewall_rule "xmpp" do - port [5222, 5269] + port [5222, 5269, 5281] protocol :tcp command :allow end diff --git a/site-cookbooks/kosmos-base/recipes/firewall.rb b/site-cookbooks/kosmos-base/recipes/firewall.rb index 233a34c..96dd212 100644 --- a/site-cookbooks/kosmos-base/recipes/firewall.rb +++ b/site-cookbooks/kosmos-base/recipes/firewall.rb @@ -38,27 +38,3 @@ firewall_rule 'mosh' do protocol :udp command :allow end - -firewall_rule 'prosody_http_upload' do - port 5281 - protocol :tcp - command :allow -end - -firewall_rule 'hubot_express_hal8000' do - port 8080 - protocol :tcp - command :allow -end - -firewall_rule 'hubot_express_botka_xmpp' do - port 8082 - protocol :tcp - command :allow -end - -firewall_rule 'hubot_express_schlupp_xmpp' do - port 8083 - protocol :tcp - command :allow -end From bafa24351a602f249436b4bb7fd608bafd7796ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 23 Apr 2019 11:14:33 +0200 Subject: [PATCH 2/3] Remove firewall rule that is already defined --- site-cookbooks/kosmos-hubot/recipes/default.rb | 9 --------- 1 file changed, 9 deletions(-) 
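Review bot: Folding 5281 into the `xmpp` rule in `5apps-xmpp_server/recipes/default.rb` drops the only hint of what that port is for, since the rule removed from `kosmos-base/recipes/firewall.rb` was named `prosody_http_upload`. A comment above the `port` line, such as `# 5222 client-to-server, 5269 server-to-server, 5281 Prosody HTTPS (http_upload)`, would keep that on record for the next firewall audit. The rule sets no `source`, so everything Prosody serves on that HTTPS listener is reachable from any address, not only the upload endpoint. It is worth confirming which HTTP modules are enabled on that host. The enclosing `unless node.chef_environment == "development"` block ends outside the hunk.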
diff --git a/site-cookbooks/kosmos-hubot/recipes/default.rb b/site-cookbooks/kosmos-hubot/recipes/default.rb index 30c7091..65bcf67 100644 --- a/site-cookbooks/kosmos-hubot/recipes/default.rb +++ b/site-cookbooks/kosmos-hubot/recipes/default.rb @@ -5,15 +5,6 @@ # Copyright 2017-2018, Kosmos # -unless node.chef_environment == "development" - include_recipe 'firewall' - firewall_rule 'hubot_express_hal8000_freenode' do - port 8080 - protocol :tcp - command :allow - end -end - include_recipe "kosmos-nodejs" include_recipe "kosmos-redis" From 47d2ebe409cf4bfb84a27073d5e0e56f512bc901 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Tue, 23 Apr 2019 11:15:06 +0200 Subject: [PATCH 3/3] Add missing firewall rule for botka on freenode --- site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb index 65c2779..4024294 100644 --- a/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb +++ b/site-cookbooks/kosmos-hubot/recipes/botka_freenode.rb @@ -118,4 +118,11 @@ unless node.chef_environment == "development" end nginx_certbot_site express_domain + + include_recipe "firewall" + firewall_rule 'hubot_express_botka_freenode' do + port express_port + protocol :tcp + command :allow + end end
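Review bot: The new `hubot_express_botka_freenode` rule in `botka_freenode.rb` allows TCP `express_port` from any source, although the context line just above it (`nginx_certbot_site express_domain`) suggests the Express endpoint is already published through an nginx site with a certificate. If nginx proxies to the app on the same host, opening the backend port makes the plain-HTTP listener directly reachable and lets clients bypass TLS. In that case the rule can be dropped, or narrowed with a `source '<PEER_ADDRESS_PLACEHOLDER>'` line to the hosts that really need direct access. Neither the definition of `express_port` nor that of `nginx_certbot_site` is visible here, and the enclosing `unless` block starts outside the hunk, so this needs checking against the rest of the recipe.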