pez-infra/ansible/roles/firewall_alpine/templates
Rasmus Wejlgaard ef0ccdd84a fix(firewall_alpine): replace empty iptables ruleset with proper INPUT filtering
The rules.v4.j2 template deployed a ruleset with INPUT ACCEPT and zero
custom rules — effectively a no-op. nuremberg-a is a public-facing mail
server and needs actual filtering.

Changes:
- INPUT default policy set to DROP
- Allow loopback, established/related, Tailscale interface, SSH, ICMP
- FORWARD stays ACCEPT for Docker port-forwarding
- Added firewall_alpine_extra_input_rules variable for host-specific rules

Mail ports remain handled by Docker's FORWARD chain, not INPUT.

Closes PESO-119
2026-04-02 20:17:28 +00:00
alpine-ssh.conf.j2 capture nuremberg-a firewall rules in pez-infra (#15) 2026-03-29 14:40:10 +01:00
rules.v4.j2 fix(firewall_alpine): replace empty iptables ruleset with proper INPUT filtering 2026-04-02 20:17:28 +00:00