Added local firewall management (iptables) on the NVA for dealing with COS default deny on inbound connections #1282

Merged: 6 commits, Mar 27, 2023

simonebruzzechesse
Collaborator

The NVA is running COS which, by default, allows outgoing connections and accepts incoming connections only through the SSH service. This was causing issues with BGP sessions not being established between NVAs. This PR includes:

  • default firewall configuration for well-known protocols configured via FRR (ex. enabling BGPd will automatically open port 179 on the NVA)
  • added optional_firewall_open_ports variable to easily open ports for both TCP and UDP protocols on the NVA
  • extended module documentation in README

simonebruzzechesse marked this pull request as ready for review March 27, 2023 09:49
simonebruzzechesse merged commit b688010 into master Mar 27, 2023
simonebruzzechesse deleted the bruzz/nva-firewall-mgmt branch March 27, 2023 14:32