    Upgrade to LOCKSS v2.0-alpha2. · f7b53a6e
    McConahy, Renee Margaret authored
    Among other things, this version uses Docker's host-based networking
    rather than the ingress network. This simplifies the networking setup,
    but I'm leaving ferm in place because it is easier to configure than ufw
    or firewalld, and we may need to switch back again.
10-in-lockss.ferm.j2 868 B
@def $LOCKSS_NET = ({{ lockss_network_ips | join(" ") }});
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
@def $LOCKSS_CONFIG_PORTS = (
    24640 24641               # metadata-extraction-service
    5432                      # postgres
    24650 24651               # metadata-service
    24610                     # repository-service
    24620 24621               # configuration-service
    9729 24630 24631 24680    # poller
    8080                      # pywb
    8983                      # solr
);
@def $LOCKSS_NET_PORTS = (
    9729    # poller
);

domain (ip ip6) table filter chain INPUT {
    # The destination ports here are the ports listening inside the container.
    # These may differ from those on the host.

    saddr $LOCKSS_NET proto tcp dport $LOCKSS_NET_PORTS ACCEPT;
    saddr $MGMT_NET proto tcp dport $LOCKSS_CONFIG_PORTS ACCEPT;
}
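
With host-based networking a container shares the host's network namespace, so the services' listening ports are the host's own ports and the port lists above can be compared directly with the host's listeners. The Python below is an added example, not part of this repository: it parses the `@def` port lists and reports mismatches against `ss -Htln` output. The `ss` sample is constructed, and the function names are hypothetical.

```python
import re

# Port lists copied from the @def blocks of 10-in-lockss.ferm.j2.
FERM_DEFS = """@def $LOCKSS_CONFIG_PORTS = (
    24640 24641               # metadata-extraction-service
    5432                      # postgres
    24650 24651               # metadata-service
    24610                     # repository-service
    24620 24621               # configuration-service
    9729 24630 24631 24680    # poller
    8080                      # pywb
    8983                      # solr
);
@def $LOCKSS_NET_PORTS = (
    9729    # poller
);
"""

# Constructed `ss -Htln` output for illustration; not from a real host.
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 100 *:9729 *:*
LISTEN 0 50 127.0.0.1:24621 0.0.0.0:*
LISTEN 0 100 [::]:8080 [::]:*
"""

def parse_port_defs(text):
    """Return {name: set of ports} for each ferm '@def $NAME = ( ... );'."""
    text = re.sub(r"#.*", "", text)  # drop ferm comments up to end of line
    return {name: {int(p) for p in body.split()} for name, body in
            re.findall(r"@def\s+\$(\w+)\s*=\s*\(([^)]*)\)", text)}

def external_listeners(ss_output):
    """Ports that have a TCP listener bound to a non-loopback address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")  # handles [::]:8080
            if not addr.startswith("127.") and addr != "[::1]":
                ports.add(int(port))
    return ports

def audit(defs, listening):
    """Compare listeners with the union of all port lists in the template."""
    allowed = set().union(*defs.values())
    return {"listening_not_in_ferm": sorted(listening - allowed),
            "in_ferm_not_listening": sorted(allowed - listening)}
```

Ports reported as `listening_not_in_ferm` are only unmatched by this template; other ferm files or the chain policy on the host decide what happens to them.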