Automatically create cloud firewall rules for installs onto Vultr #1400

Merged: 9 commits, Apr 27, 2019

TC1977 (Contributor) commented Apr 21, 2019

Description

Adds appropriate firewall rules in Vultr during the cloud install process using the vr_firewall_group and vr_firewall_rule modules, in concordance with existing rules for EC2 and GCE. Used this tutorial.

Motivation and Context

Not sure if it's really necessary, given the Algo server's own iptables rules, but it may give another layer of protection.

How Has This Been Tested?

Deployed successfully from a Mac and confirmed correct firewall rules.

If this is something you want to go ahead with, I'd then change the consolidated firewall docs slightly to mention that Vultr has an external firewall set up.

Types of changes

  • [] Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • [] Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • [] I have updated the documentation accordingly.
  • All new and existing tests passed.

TC1977 (Contributor Author) commented Apr 25, 2019

This will run into the same deprecation warnings if and when #1397 is merged. Should I rebase this off the fix-213 branch and change the module names accordingly? See below, changed module names and rebased off master after #1397 was merged. Then retested, deployed successfully (again using default path to .ini file) and fixed those trailing whitespaces.

@jackivanov (Collaborator)

Thanks!

@jackivanov jackivanov merged commit faa4b9a into trailofbits:master Apr 27, 2019
@TC1977 TC1977 deleted the vultr-firewall branch April 27, 2019 19:22
andreimc added a commit to tunnelhero/algo that referenced this pull request Apr 29, 2019
* upstream/master: (22 commits)
  Automatically create cloud firewall rules for installs onto Vultr (trailofbits#1400)
  Refactoring, Linting and additional tests (trailofbits#1397)
  Update Linux WireGuard client instructions (trailofbits#1407)
  Update cloud-vultr.md (trailofbits#1406)
  Update openssl.yml (trailofbits#1403)
  Update deploy-from-script-or-cloud-init-to-localhost.md
  Update README.md (trailofbits#1380)
  Update Adblock lists (trailofbits#1394)
  fix: get public IP from default interface (trailofbits#1396)
  Move `Delete the CA key` task to the appropriate role (trailofbits#1393)
  Update deploy-from-script-or-cloud-init-to-localhost.md
  Consolidate firewall documentation (trailofbits#1386)
  Fix 963 again (trailofbits#1379)
  Refactoring to support roles inclusion (trailofbits#1365)
  Update DNS filtering advice in FAQ (trailofbits#1389)
  Use VULTR_API_CONFIG variable if set (trailofbits#1374)
  IPv6 range to AllowedIPs only when ipv6_support (trailofbits#1388)
  Update ubuntu.yml (trailofbits#1383)
  Script to support cloud-init and local easy deploy (trailofbits#1366)
  Update 10-algo-lo100.network.j2 (trailofbits#1369)
  ...
iBringit added a commit to iBringit/algo that referenced this pull request Nov 4, 2020