
Review of ferm services without srange
Open, Medium, Public

Description

All existing ferm services without an explicit srange should be reviewed to see whether they can be restricted further. Also, it's worth considering making unrestricted access explicit with e.g. "srange => '$PUBLIC'" on the puppet level (the ferm config on the hosts would not be changed).
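One way to list the review candidates described above, as an added example that is not part of the task or of the operations/puppet repository. It assumes services are declared as `ferm::service { 'title': ... }` resources in Puppet manifests; the sample manifest, its titles and the `$DOMAIN_NETWORKS` value are constructed for illustration.

```python
import re
# Constructed sample manifest, not taken from operations/puppet.
# Assumed resource syntax: ferm::service { 'title': param => value, ... }
SAMPLE = """
class profile::example {
    ferm::service { 'example-https':
        proto => 'tcp', port => '443',
    }
    ferm::service { 'example-cache':
        proto  => 'tcp', port => '11211',
        srange => '$DOMAIN_NETWORKS',
    }
    # ferm::service { 'commented-out': proto => 'tcp', port => '1' }
    ferm::service { "example-admin": proto => 'tcp', port => '8080', srange => '$PUBLIC' }
}
"""

DECL = re.compile(r"ferm::service\s*\{\s*(['\"])(?P<title>.+?)\1\s*:")
SRANGE = re.compile(r"\bsrange\s*=>\s*(?P<value>[^,\n}]+)")

def strip_comments(text):
    """Blank out '#' comments, keeping line count so line numbers stay valid."""
    return "\n".join(re.sub(r"(^|\s)#.*$", "", ln) for ln in text.splitlines())

def resource_body(text, start):
    """Return the text between `start` and the brace that closes the resource."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]

def audit(manifest):
    """Return (line, title, srange or None) for every ferm::service declared."""
    text = strip_comments(manifest)
    rows = []
    for m in DECL.finditer(text):
        found = SRANGE.search(resource_body(text, m.end()))
        value = found.group("value").strip() if found else None
        rows.append((text.count("\n", 0, m.start()) + 1, m.group("title"), value))
    return rows

def without_srange(manifest):
    """Titles of services with no explicit srange: the review candidates."""
    return [title for _, title, value in audit(manifest) if value is None]

if __name__ == "__main__":
    for line, title, value in audit(SAMPLE):
        print(f"line {line}: {title}: srange={value or 'MISSING'}")
```

The comment stripping is line-based and would also cut a quoted value containing ` #`, so treat the output as a list to review by hand rather than a verdict.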

Event Timeline

Restricted Application added a subscriber: Aklapper. Nov 2 2016, 2:28 PM
MoritzMuehlenhoff triaged this task as Medium priority. Jan 30 2017, 12:05 PM

Change 591000 had a related patch set uploaded (by Dzahn; owner: Dzahn):
[operations/puppet@production] tlsproxy::envoy: allow limiting firewall srange

https://gerrit.wikimedia.org/r/591000

Change 591000 merged by Dzahn:
[operations/puppet@production] tlsproxy::envoy: allow limiting firewall srange

https://gerrit.wikimedia.org/r/591000

Aklapper removed MoritzMuehlenhoff as the assignee of this task. Jun 19 2020, 4:22 PM

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips on how to manage individual work in Phabricator (noisy notifications, lists of tasks, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the record, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Change 632443 had a related patch set uploaded (by Effie Mouzeli; owner: Effie Mouzeli):
[operations/puppet@production] memcached: refactor rules

https://gerrit.wikimedia.org/r/632443

Change 632443 merged by Effie Mouzeli:
[operations/puppet@production] memcached: refactor rules

https://gerrit.wikimedia.org/r/632443