Skip to content

Patch waagent.conf to add firewall rules #7543

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
liunan-ms merged 2 commits into from
Feb 16, 2024
Merged

Patch waagent.conf to add firewall rules #7543

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1ff586c
Patch waagent.conf to add firewall rules to protect access to Azure h…
liunan-ms Jan 30, 2024
6192c7c
Update SPECS/WALinuxAgent/WALinuxAgent.spec
liunan-ms Jan 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions SPECS/WALinuxAgent/WALinuxAgent.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Summary: The Windows Azure Linux Agent
Name: WALinuxAgent
Version: 2.3.1.1
Release: 3%{?dist}
Release: 4%{?dist}
License: ASL 2.0
Vendor: Microsoft Corporation
Distribution: Mariner
Expand All @@ -11,6 +11,7 @@ Source0: https://github.com/Azure/WALinuxAgent/archive/refs/tags/v%{versi
Source1: ephemeral-disk-warning.service
Source2: ephemeral-disk-warning.conf
Source3: ephemeral-disk-warning
Patch0: add_firewall_rules.patch
BuildRequires: python3-distro
BuildRequires: python3-setuptools
BuildRequires: python3-xml
Expand Down Expand Up @@ -38,7 +39,7 @@ VMs in the Windows Azure cloud. This package should be installed on Linux disk
images that are built to run in the Windows Azure environment.

%prep
%setup -q -n %{name}-%{version}
%autosetup -n %{name}-%{version} -p1

%pre -p /bin/sh

Expand Down Expand Up @@ -90,6 +91,9 @@ python3 setup.py check && python3 setup.py test
%{python3_sitelib}/*

%changelog
* Tue Jan 30 2024 Nan Liu <liunan@microsoft.com> - 2.3.1.1-4
- Patch waagent.conf to add firewall rules to protect access to Azure host node

* Tue Nov 10 2022 Nan Liu <liunan@microsoft.com> - 2.3.1.1-3
- Add ephemeral-disk-warning.service

Expand Down
24 changes: 24 additions & 0 deletions SPECS/WALinuxAgent/add_firewall_rules.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
From 9ac40d805925f130283ed54f3cbb424afad41461 Mon Sep 17 00:00:00 2001
From: Nan Liu <liunan@microsoft.com>
Date: Tue, 30 Jan 2024 17:58:36 +0000
Subject: [PATCH] Add firewall rules to protect access to Azure host node
services

---
config/mariner/waagent.conf | 3 +++
1 file changed, 3 insertions(+)

diff --git a/config/mariner/waagent.conf b/config/mariner/waagent.conf
index 65da131..cda61de 100644
--- a/config/mariner/waagent.conf
+++ b/config/mariner/waagent.conf
@@ -78,3 +78,6 @@ AutoUpdate.GAFamily=Prod
# handling until inVMArtifactsProfile.OnHold is false.
# Default is disabled
# EnableOverProvisioning=n
+
+# Add firewall rules to protect access to Azure host node services
+OS.EnableFirewall=y
--
2.25.1