Set up firewall for incoming traffic on rwho port for all machines #308

New Issue

Open

opened 2026-01-22 06:16:24 +01:00 by oysteikt · 3 comments

oysteikt commented 2026-01-22 06:16:24 +01:00

Owner

Copy Link

Currently, anyone could send any rwho entries they'd like to any of our non-nixos machines. Let's set up a firewall rule so that all traffic from the outside is either dropped or rejected.

Currently, anyone could send any rwho entries they'd like to any of our non-nixos machines. Let's set up a firewall rule so that all traffic from the outside is either dropped or rejected.

oysteikt added the good first issuesecuritysaltservicesnetworking labels 2026-01-22 06:16:24 +01:00

oysteikt added this to the Kanban project 2026-01-22 06:16:24 +01:00

oysteikt moved this to Low priority in Kanban on 2026-01-22 11:45:52 +01:00

oysteikt commented 2026-01-26 14:26:30 +01:00

Author

Owner

Copy Link

Added to salt, now we just need to systemctl daemon-reload all machines and restart rhwod.service

Added to salt, now we just need to `systemctl daemon-reload` all machines and restart `rhwod.service`

oysteikt commented 2026-02-02 15:57:58 +01:00

Author

Owner

Copy Link

It turns out that some of the debian 10 machines generate systemd units from systemv init scripts??? bruh

EDIT: apparently doesn't matter, we can overlay autogenerated units

It turns out that some of the debian 10 machines generate systemd units from systemv init scripts??? bruh EDIT: apparently doesn't matter, we can overlay autogenerated units

oysteikt commented 2026-02-02 19:32:02 +01:00

Author

Owner

Copy Link

Okay, fixed for most debian machines now. Should maybe also be done for the freebsd machines. Not sure how to deal with pf, needs some investigation. Maybe someone else wanna pick it up?

Okay, fixed for most debian machines now. Should maybe also be done for the freebsd machines. Not sure how to deal with pf, needs some investigation. Maybe someone else wanna pick it up?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

dns

Involves modifications to dvask

exploration

See the galaxy!

gitea

mail

epost nord

new stuff

Adds a new service / new functionality

openstack

NUTN OpenStack, more like closed stack

services

Everything regarding selfhosted services

software

Everything regarding homebrewn software

art

The issue needs someone to be creative

backup

big

No, not bug, **big** - this is gonna take a while

blocked

This issue/PR depends on one or more other issues/PRs

bug

Something is not working, and it's not the shield hero

crash report

Report an oopsie

disputed

kranglefanter

documentation

Documentation changes required

duplicate

This issue or pull request already exists

enhancement

New feature

good first issue

Get your hands dirty with a new project here

logging

networking

TTM4100

nixos

Requires changes to our nixos setup

question

More information is needed

salt

Requires changes to our salt setup

security

Skommel

servers n' hardware

Regards hardware, servers or VMs

wontfix

This won't be fixed

No Label services good first issue networking salt security

Milestone

No items

No Milestone

Projects

Clear projects

No project Kanban

Assignees

Clear assignees

adriangl albertba alfhj bjornoka chrisfjo chrivi danio davidk dungby eirikwit felixalb frero jonmro jovre karolds knuta krisleri larshhan olived oysteikt pederbs root torsteno vegardbm yorinad

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Drift/issues#308