Closed
Bug 1386872
Opened 7 years ago
Closed 7 years ago
Enabled firewall on OCC w7 moonshot profile
Categories
(Infrastructure & Operations :: RelOps: General, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dividehex, Assigned: markco)
We need to set up OCC to turn on firewalling with a default deny policy similar to the one for w10 filed in bug 1386757.

This is only for w7 on moonshot. AWS will be handled entirely through security group policies.

The policy would look roughly like:

ALLOW ALL OUTGOING (egress)
ALLOW PING/ICMP INCOMING (ingress)
ALLOW SSH/VNC/RDP INCOMING (ingress)
DENY EVERYTHING ELSE INCOMING (ingress)

If there is a listening port that needs an exception, call it out here. But AFAIK, there should be with tc worker. It is entirely pull/polling/outgoing.

SSH = port tcp/22
VNC = port tcp/5900
RDP = port tcp/3389

Reporter
Comment 1•7 years ago
:arr pointed out, I forgot to note ssh/vnc/rdp should be source limited to the jumphosts.

rejh1.srv.releng.scl3.mozilla.com has address 10.26.48.19
rejh2.srv.releng.scl3.mozilla.com has address 10.26.48.20
rejh1.srv.releng.mdc1.mozilla.com has address 10.49.48.100
rejh2.srv.releng.mdc1.mozilla.com has address 10.49.48.101

Assignee
Comment 2•7 years ago
The only connection method that is active on the Windows OCC hardware is VNC, and the firewall rules are set up through MDT and will be ported to OCC in the future.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
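
The policy from the description and comment 1, written out as netsh advfirewall calls from PowerShell. This is an added example, not the MDT or OCC rules actually deployed for this bug. The rule names and the Invoke-Netsh helper are made up for illustration, and ICMP is narrowed to IPv4 echo request as an assumption.

```powershell
# Added example. Windows 7 has no New-NetFirewallRule cmdlet, so this drives
# netsh advfirewall. Run from an elevated PowerShell prompt.

# Jumphost addresses from comment 1 (netsh takes a comma-separated list).
$jumphosts = @('10.26.48.19', '10.26.48.20', '10.49.48.100', '10.49.48.101') -join ','

# Management ports from the description.
$mgmtPorts = @{ ssh = 22; vnc = 5900; rdp = 3389 }

function Invoke-Netsh {
    # Hypothetical helper: run netsh and stop on the first failure so a
    # half-applied policy does not go unnoticed.
    & netsh.exe @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh failed: $args" }
}

# Add the source-limited allow rules BEFORE flipping the default policy, so the
# remote session used to apply the change is not cut off mid-way.
# Rule names (no spaces, to avoid quoting issues) are illustrative only.
foreach ($svc in $mgmtPorts.Keys) {
    Invoke-Netsh advfirewall firewall add rule "name=jumphost-$svc-in" dir=in action=allow `
        protocol=TCP "localport=$($mgmtPorts[$svc])" "remoteip=$jumphosts" profile=any
}

# Ping: ICMPv4 type 8 (echo request), any code. Quoted because a bare comma
# would be parsed by PowerShell as an array separator.
Invoke-Netsh advfirewall firewall add rule name=icmpv4-echo-in dir=in action=allow `
    'protocol=icmpv4:8,any'

# Default deny inbound, allow all outbound, on every profile; then enable.
Invoke-Netsh advfirewall set allprofiles firewallpolicy 'blockinbound,allowoutbound'
Invoke-Netsh advfirewall set allprofiles state on

# blockinbound only covers traffic that matches no rule: allow rules that were
# already present and enabled still pass traffic. List them for review.
netsh advfirewall firewall show rule name=all dir=in
```

Running the script twice adds duplicate rules, so delete the named rules first when re-applying.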