Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

modify our firewall rules to have network names #5492

Open
6 of 12 tasks
kayiwa opened this issue Oct 30, 2024 · 1 comment · May be fixed by #5500
Open
6 of 12 tasks

modify our firewall rules to have network names #5492

kayiwa opened this issue Oct 30, 2024 · 1 comment · May be fixed by #5500
Assignees

Comments

@kayiwa
Copy link
Member

kayiwa commented Oct 30, 2024

What maintenance needs to be done?

Currently, our firewall rules use CIDR notation to define allowed IP address ranges. This makes it difficult to manage and update the rules, especially when IP addresses change or network segments are reorganized. To improve maintainability and readability, we need to update the firewall rules to use Ansible network variables instead of raw CIDR blocks.

Level of urgency

  • High
  • Moderate
  • Low

Why is this maintenance needed?

Action Items:

  • - Identify Firewall Rules: Review all existing firewall rules and identify those that use CIDR notation for network definitions.
  • - Define Ansible Network Variables:
  • - Create Ansible variables in the ufw_firewall to represent the relevant network segments.
  • - Use descriptive names for the variables (e.g., internal_network, libnet, vpn).
  • - Assign the corresponding CIDR blocks to these variables.
  • - Update Firewall Rules:
  • - Modify the firewall rules to replace CIDR blocks with the Ansible network variables.
  • - Ensure that the syntax for using variables within the firewall rules is correct

Acceptance criteria

  • swap out the rules in for abid-staging2.lib.princeton.edu
  • [ ]
  • [ ]

Implementation notes, if any

@kayiwa
Copy link
Member Author

kayiwa commented Nov 5, 2024

depends on #5520

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants