  1. Feb 12, 2020
    • Remove firewall tasks. · 9398f92b
      McConahy, Renee Margaret authored
      Ordinary firewall filtering rules, placed in iptables's "INPUT" chain in
      the "filter" table, aren't applied to Docker's ingress traffic, which is
      redirected ("NATted") to Docker's interface by the "PREROUTING" chain in
      the "nat" table. Hence, the rules pretending to allow LOCKSS management
      traffic from trusted hosts are superfluous and misleading: traffic to
      those ports is instead restricted by LOCKSS according to its
      "LOCKSS_ACCESS_SUBNET" variable.
      
      I could write rules to filter Docker's ingress traffic, but I would
      rather not take the time--I would need to take care that they were
      always given priority over Docker's rules, even when Docker were
      restarted--and LOCKSS's own handling of matters ought to be sufficient
      for now.
      
      With that, the base firewall rules (enabling a default-deny ingress
      policy with an exception for ssh) seem out of scope for this role.
    • Make minor stylistic changes. · 1df60fea
      McConahy, Renee Margaret authored
      - Vagrantfile: Correct the path to the parsed YAML file. (This caused
        'vagrant global-status' to fail when called from outside the project's
        directory.)
      
      - Vagrantfile: As we do not use it, disable the default sharing of the
        project's directory with the VMs.
      
      - lockss: Use /tmp as temporary directory.
      
      - Other trivialities.
  2. Feb 11, 2020
  3. Jan 28, 2020
  4. Jan 24, 2020
  5. Jan 17, 2020