Closed
Bug 1369566
Opened 8 years ago
Closed 7 years ago
OSX firewall puppet support
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Infrastructure & Operations
RelOps: Puppet
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dividehex, Assigned: dividehex)
References
Details
Attachments
(3 files)
|
18.26 KB,
patch
|
dhouse
:
review+
|
Details | Diff | Splinter Review |
|
5.45 KB,
patch
|
dhouse
:
review+
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
|
2.79 KB,
patch
|
dhouse
:
review+
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
This really deserves a bug of its own. OSX has a couple firewall layers, the one we will be focusing on is the pf (packet firewall).
|
Assignee | |
Comment 1•8 years ago
|
||
I'll be using t-yosemite-r7-393.test.releng.mdc1.mozilla.com for testing.
|
|
Assignee | |
Comment 2•8 years ago
|
||
This is my first attempt at setting up a module for osx pf management. It also setups up a roles and profile framework for build modular firewall rule definitions independent of which posix OS we are trying to manage.
The rules and network definitions are in no way meant to be exhaustive. I've only setup a few roles/profiles to get the ball rolling for when we come together and start filling in the blanks.
Attachment #8879716 -
Flags: review?(dhouse)
Attachment #8879716 -
Flags: review?(dhouse) → review+
|
|
Assignee | |
Comment 3•8 years ago
|
||
This adds support for OSX 10.7 to the pf module. For the most part, there is not a big difference.
* pf.conf per osx major version
* Do not pass tcpdump sdterr to syslog since it is verbose on startup
Attachment #8893000 -
Flags: review?(dhouse)
Attachment #8893000 -
Flags: review?(dhouse) → review+
|
|
Assignee | |
Comment 4•8 years ago
|
||
This ensure the pflog daemon actually runs via puppet and not just on boot. Also, moved service to a proper name format.
Attachment #8893499 -
Flags: review?(dhouse)
|
|
Assignee | |
Comment 5•8 years ago
|
||
Comment on attachment 8893000 [details] [diff] [review]
10.7 pf module support
https://hg.mozilla.org/build/puppet/rev/88a5dea2a59d4e01d7f4b73b4070fda1b0b28c36
https://hg.mozilla.org/build/puppet/rev/ba6f6f842411d192ed35f3bda68708607b5f274d
Attachment #8893000 -
Flags: checked-in+
Attachment #8893499 -
Flags: review?(dhouse) → review+
|
|
Assignee | |
Comment 6•8 years ago
|
||
Comment on attachment 8893499 [details] [diff] [review]
Fix pflog plist and add service resource
https://hg.mozilla.org/build/puppet/rev/6432dc7e24232833b490db4692109c117b801b78
https://hg.mozilla.org/build/puppet/rev/7cfbef8a71a4643d62cbb6df551d7a06e40db15c
Attachment #8893499 -
Flags: checked-in+
|
|
Assignee | |
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•