Firewall
Old way (Deprecated)
Rules are generated by a script from an xlsx document. It produces one rule file per host. The output is platform dependent: if 4 compute servers are defined in the platform, it produces 4 files and duplicates all rules 4 times.
Rules are stored in a git repo.
On each machine a script runs every 5 minutes to check for rule updates. It pulls the rules locally and applies its own file.
Rules are committed with FQDNs, so the script resolves them to get the addresses. If resolution fails, it does not create the rule.
- Rules are defined for INPUT/OUTPUT by destination/source address and port, on a dedicated interface, for the TCP or UDP protocol.
- Dropped packets are logged and then captured by security supervision.
- Rules can be enforced or set in audit mode.
- All rules are applied with the iptables system command.
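As an added illustration (not the page's script, nor code from the original process), here is a minimal Python applier in the same spirit: it parses a constructed per-host rules file whose five-column format is an assumption, resolves each FQDN at apply time, skips entries that do not resolve (as the page says the real script does), and renders the iptables commands for either enforce or audit mode, with the LOG rule last so that everything not explicitly accepted shows up in the supervision feed. The conntrack rule for return traffic, the `FW-DROP`/`FW-AUDIT` log prefixes, and the static resolver that lets the example run offline are all my assumptions.

```python
# Added example (not the page's script): per-host rule applier in the spirit of the
# deprecated process. File format, resolver data, log prefixes and conntrack rule are assumptions.
import socket
import subprocess
from dataclasses import dataclass

CHAINS = ("INPUT", "OUTPUT")

# Constructed sample of one host's rules file: direction peer-fqdn port proto iface
# (peer is the source for INPUT rules and the destination for OUTPUT rules)
SAMPLE_RULES = """
INPUT   app01.example.internal    8443  tcp  eth1
INPUT   monitor.example.internal  9100  tcp  eth1
OUTPUT  db01.example.internal     5432  tcp  eth1
OUTPUT  ntp.example.internal       123  udp  eth0
"""

# Constructed name->address map so the example runs offline; ntp.example.internal
# is deliberately missing to exercise the "resolution failed, no rule" path.
STATIC_HOSTS = {
    "app01.example.internal": "10.0.1.11",
    "monitor.example.internal": "10.0.1.50",
    "db01.example.internal": "10.0.2.20",
}

@dataclass(frozen=True)
class Rule:
    direction: str  # INPUT or OUTPUT
    peer: str       # FQDN of the remote host, resolved at apply time
    port: int
    proto: str      # tcp or udp
    iface: str      # dedicated interface the rule is bound to

def parse_rules(text):
    """Parse the rules file; reject malformed lines rather than guess."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        direction, peer, port, proto, iface = fields
        direction, proto = direction.upper(), proto.lower()
        if direction not in CHAINS or proto not in ("tcp", "udp") or not 1 <= int(port) <= 65535:
            raise ValueError(f"line {lineno}: bad direction, protocol or port")
        rules.append(Rule(direction, peer, int(port), proto, iface))
    return rules

def static_resolver(name):
    """Offline stand-in for socket.gethostbyname, backed by constructed data."""
    try:
        return STATIC_HOSTS[name]
    except KeyError:
        raise socket.gaierror(f"no record for {name}") from None

def resolve_all(rules, resolver=socket.gethostbyname):
    """Resolve every peer; a rule whose name does not resolve is skipped."""
    resolved, skipped = [], []
    for rule in rules:
        try:
            resolved.append((rule, resolver(rule.peer)))
        except socket.gaierror:
            skipped.append(rule)
    return resolved, skipped

def render_iptables(resolved, audit=False):
    """Enforce: ACCEPTs, then LOG, then policy DROP. Audit: same, but policy ACCEPT (log only)."""
    prefix = "FW-AUDIT " if audit else "FW-DROP "
    policy = "ACCEPT" if audit else "DROP"
    cmds = []
    for chain in CHAINS:
        cmds.append(["iptables", "-F", chain])  # drop the previous cycle's rules
        # Assumption: keep return traffic of accepted flows (standard stateful practice)
        cmds.append(["iptables", "-A", chain, "-m", "conntrack",
                     "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"])
    for rule, ip in resolved:
        # INPUT matches the remote source on the ingress interface,
        # OUTPUT matches the remote destination on the egress interface.
        addr_flag, if_flag = ("-s", "-i") if rule.direction == "INPUT" else ("-d", "-o")
        cmds.append(["iptables", "-A", rule.direction, if_flag, rule.iface,
                     "-p", rule.proto, addr_flag, ip, "--dport", str(rule.port),
                     "-j", "ACCEPT"])
    for chain in CHAINS:
        # Anything not accepted above is logged for the security supervision feed.
        cmds.append(["iptables", "-A", chain, "-j", "LOG", "--log-prefix", prefix])
        cmds.append(["iptables", "-P", chain, policy])
    return cmds

def apply_rules(text, resolver=socket.gethostbyname, audit=False, dry_run=True):
    """Parse, resolve, render and (unless dry_run) execute one host's rule set."""
    resolved, skipped = resolve_all(parse_rules(text), resolver)
    for rule in skipped:
        print(f"skip: {rule.peer} did not resolve ({rule.direction} {rule.proto}/{rule.port})")
    cmds = render_iptables(resolved, audit=audit)
    for cmd in cmds:
        print(" ".join(cmd)) if dry_run else subprocess.run(cmd, check=True)  # real run needs root
    return cmds, skipped

if __name__ == "__main__":
    apply_rules(SAMPLE_RULES, resolver=static_resolver, audit=False)
```

Running it prints the skipped `ntp.example.internal` entry followed by the eleven commands it would execute, so a resolution failure is visible in each 5-minute cycle's output rather than silently producing a missing rule. Switching `audit=True` keeps the same ACCEPT and LOG rules but leaves the chain policy at ACCEPT, which is the minimal form of the audit mode the page describes. A real deployment would build the same rule set as an `iptables-restore` input so the swap is atomic instead of a flush followed by a sequence of appends.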