Commit Graph

  • 27b9e93b0d reference nasties ipset for erlking and waldo staticsafe 2020-04-15 10:54:43 -0400
  • fd475f98cb add some more ipsets for erlking and waldo staticsafe 2020-04-15 10:52:25 -0400
  • d8f5681c52 fix typo in ipset.service staticsafe 2020-04-15 10:26:22 -0400
  • dd4d335302 make ipset.service import even if ipset already exists and then reload in main.yml staticsafe 2020-04-15 10:23:45 -0400
  • 05176fb83e don't destroy ipset in main.yml staticsafe 2020-04-15 10:15:24 -0400
  • 3fb3507d40 make some more explicit requirements in ipset.service staticsafe 2020-04-15 10:13:53 -0400
  • 8aa1d869ba clean up unnecessary comments in firewall rulesets staticsafe 2020-04-14 22:40:54 -0400
  • a7888e95bf set FLUSH_ON_STOP to 0 staticsafe 2020-04-14 22:36:05 -0400
  • 358b88ea60 we use a default file for netfilter-persistent staticsafe 2020-04-14 22:29:49 -0400
  • 14c62687a7 ipset service stop destroy staticsafe 2020-04-14 22:15:22 -0400
  • 53d62d54f5 let's try this again with destroy staticsafe 2020-04-14 22:15:06 -0400
  • 377a5bcebf temporarily comment out firewall rule staticsafe 2020-04-14 22:11:55 -0400
  • 58c0b0e2c1 always reload systemd staticsafe 2020-04-14 22:09:41 -0400
  • 3abbcbbd9e use flush instead of destroy in ipset everywhere staticsafe 2020-04-14 22:07:05 -0400
  • 92f286bbd6 should be src for ipset based rule staticsafe 2020-04-14 22:03:23 -0400
  • c267ec243f use ipset instead of a bunch of INPUTs staticsafe 2020-04-14 22:02:41 -0400
  • 0d7df674ec don't use handler staticsafe 2020-04-14 21:56:08 -0400
  • 02a376b367 restart ipset service instead of start and use handler staticsafe 2020-04-14 21:52:43 -0400
  • 1430497f5c move order of ipset destroy up staticsafe 2020-04-14 21:47:08 -0400
  • 696bf3348f fix syntax error in ubuntu/roles/ipset-deploy/tasks/main.yml staticsafe 2020-04-14 21:44:46 -0400
  • ce39f769a2 add ipset-deploy role staticsafe 2020-04-14 21:42:03 -0400
  • 835384a24d add rulesets for uriel.asininetech.net. staticsafe 2020-04-04 19:19:42 -0400
  • 66eebc37d3 add moz.com crawler to firewall block list on web servers staticsafe 2020-03-28 23:09:40 -0400
  • 99137e82f1 Merge branch 'nextgen' of github.com:staticsafe/ansible-playbooks into nextgen staticsafe 2020-03-27 13:08:19 -0400
  • 07cf97fa21 add rpcbind to list of packages we remove on setup staticsafe 2020-03-27 13:08:01 -0400
  • 57a0f65ffd Update README.md to say 18.04 Sadiq Saif 2020-03-24 11:43:02 -0400
  • 114970ec4b Use a more generic sshd_config with our options. staticsafe 2020-03-24 11:15:30 -0400
  • 1f1bf5147b common role is now copying over a sshd_config staticsafe 2020-03-24 10:27:09 -0400
  • 1de56b96b9 remove grevane.asininetech.net.rules.*, not needed anymore staticsafe 2020-03-23 11:25:56 -0400
  • c1b3d2a171 clean up nginx_remove_sites staticsafe 2020-03-09 20:38:49 -0400
  • 6613d75162 remove sadiqsaif.ca and staticsafe.ca vhosts staticsafe 2020-03-09 19:26:09 -0400
  • 7fb64da246 no need for 127/8 rules in demonreach.asininetech.net.rules.v4 staticsafe 2020-03-08 22:56:00 -0400
  • 10c45c850b DNS resolving issues in demonreach.asininetech.net.rules.v4? staticsafe 2020-03-08 15:58:03 -0400
  • f9e74ee5aa allow TCP DNS as well for VPN subnet staticsafe 2020-03-04 17:50:35 -0500
  • 13f9b1575c add 2620:98:4002::/48 to port 53 for demonreach.asininetech.net.rules.v6 staticsafe 2020-03-04 17:16:38 -0500
  • a0d1c0598d remove port 1723 from demonreach.asininetech.net.rules.v4 staticsafe 2020-03-04 13:49:49 -0500
  • 12e58f3c01 add port 1723 to demonreach.asininetech.net.rules.v4 staticsafe 2020-03-04 13:45:07 -0500
  • 907b86492b add a DROP rule in deirdre.asininetech.net.rules.v4 staticsafe 2020-02-25 23:31:15 -0500
  • e866d062a9 add AlkonavtNetwork subnet to drop list on deirdre.asininetech.net.rules.v4 staticsafe 2020-02-20 14:46:11 -0500
  • db59ab205e add rule to drop SearchAtlas crawler staticsafe 2020-02-20 14:25:47 -0500
  • c6997dcd39 add drop for Seekport crawler IP to deirdre and waldo staticsafe 2020-02-14 19:29:02 -0500
  • 9766d2ced5 Add vhost for ultonomy.com. staticsafe 2020-01-22 10:46:08 -0500
  • 2af73d2d4e allow ES traffic over Tinc VPN staticsafe 2020-01-19 10:35:52 -0500
  • bc92c9d437 Port opening for Tinc staticsafe 2020-01-18 20:48:58 -0500
  • a4c0bcde30 min heap size 4g staticsafe 2020-01-18 18:56:19 -0500
  • 42bf05965b increase min heap size to 2g staticsafe 2020-01-18 18:54:26 -0500
  • 2c83554698 elasticsearch_version should be 6.x staticsafe 2020-01-18 18:48:55 -0500
  • 869d80e6f7 we need to secure port 9300 on namshiel as well staticsafe 2020-01-18 17:59:58 -0500
  • 201f4a35ca min heap size to 1g? staticsafe 2020-01-18 17:39:47 -0500
  • 6f0febf806 needs min heap size? staticsafe 2020-01-18 17:36:48 -0500
  • d810ba667e let's try again? staticsafe 2020-01-18 17:33:54 -0500
  • d0976ca7fb fix formatting on namshiel-elasticsearch.asininetech.net.yml? staticsafe 2020-01-18 17:32:55 -0500
  • e306a60ea6 add namshiel related files staticsafe 2020-01-18 17:29:03 -0500
  • a0e26301cf deirdre should be able to talk outbound 9200 for ES staticsafe 2020-01-18 17:17:39 -0500
  • d384b41e75 cleanup i.asininetech.com. staticsafe 2020-01-16 18:16:54 -0500
  • 748ddb1008 remove i.asininetech.com. staticsafe 2020-01-16 18:09:45 -0500
  • 9e1e20d33f Remove port 4949 from allowed ports deirdre no longer using munin-node staticsafe 2020-01-06 10:17:08 -0500
  • da2f7aef93 Remove catsith.asininetech.net.rules.v4 and catsith.asininetech.net.rules.v6 catsith is gone staticsafe 2020-01-06 10:16:06 -0500
  • 3b73edf491 add firewall rule to drop aggressive crawler in catsith.asininetech.net.rules.v6 staticsafe 2019-12-23 18:40:39 -0500
  • 85d19dd3a0 add ipset package install to ubuntu/roles/firewall-ruleset-deploy/tasks/main.yml staticsafe 2019-11-17 16:22:19 -0500
  • 48e67daf37 remove duplicity/python-boto, add postfix, mailutils staticsafe 2019-11-16 23:12:07 -0500
  • 7cc0101f0d change Unattended-Upgrade::Remove-Unused-Dependencies in 50unattended-upgrades staticsafe 2019-10-29 12:06:14 -0400
  • 87e7452be6 Remove apt-maintenance.sh as it isn't needed anymore. staticsafe 2019-10-29 10:39:44 -0400
  • da7c56eeb5 Update ubuntu/site.yml for unattended-upgrades task staticsafe 2019-10-29 10:37:01 -0400
  • 18188cb971 Switch to using unattended-upgrades for apt-maintenance. staticsafe 2019-10-29 10:35:22 -0400
  • 5703b44e75 update last task name in ubuntu/roles/apt-maintenance/tasks/main.yml staticsafe 2019-10-29 10:18:00 -0400
  • c951fe766d We are disabling the apt-maintenance cron job for now. staticsafe 2019-10-29 10:13:17 -0400
  • 4d30f0245e add vhost for irreverent.space to ubuntu/erlking.asininetech.net.yml staticsafe 2019-10-23 23:35:05 -0400
  • 05283b00ef Copy pgbackrest logrotate config as well staticsafe 2019-10-20 21:53:09 -0400
  • fbb5391eae Permissions for pgbackrest binary should be 755. staticsafe 2019-10-20 21:28:33 -0400
  • 665d24a6cb fix typo in ubuntu/site.yml staticsafe 2019-10-20 21:04:25 -0400
  • 74f35940f3 Add pgbackrest-install role staticsafe 2019-10-20 21:02:36 -0400
  • ab33cd0200 Add yet another Bytespider range to block list to firewall rules. staticsafe 2019-10-17 12:20:04 -0400
  • 7c7ff101e5 Missed a Bytespider crawler range staticsafe 2019-10-17 12:03:07 -0400
  • f5d7c6dc39 Block aggressive Bytespider crawler across web servers staticsafe 2019-10-17 11:58:22 -0400
  • afa8aa556c Add firewall rules to drop kiwifarms subnets. staticsafe 2019-10-11 00:00:33 -0400
  • 7152d8d5f2 should be multiports staticsafe 2019-10-04 09:44:08 -0400
  • d16ec626e1 add OUTPUT rules to allow DHCP on restricted nodes staticsafe 2019-10-04 09:42:15 -0400
  • 90d4342ac2 cleanup some more staticsafe 2019-09-29 22:54:49 -0400
  • 63490bb22b char.packet.cat is now removed, clean up staticsafe 2019-09-29 22:53:54 -0400
  • 4100790fa9 Remove char.packet.cat. staticsafe 2019-09-29 22:50:51 -0400
  • e419d3aefb add drop rule for 159.149.133.66 to deirdre.asininetech.net.rules.v4 staticsafe 2019-09-16 12:05:38 -0400
  • bd8a5c8435 Increase worker_connections across the board. staticsafe 2019-09-03 14:20:31 -0400
  • e9ec840823 increase nginx worker_connections to 1024 in ubuntu/deirdre.asininetech.net.yml staticsafe 2019-09-03 14:07:02 -0400
  • 0a3cae443f rename some files to new hostnames. staticsafe 2019-09-03 14:03:04 -0400
  • 4c23562144 add handlers to firewall-ruleset-deploy staticsafe 2019-08-25 21:08:25 -0400
  • 3002276209 clean up of firewall rulesets remove byte counters, remove chains that didn't need to be there staticsafe 2019-08-21 23:41:40 -0400
  • 8e471b7254 add COMMIT after end of filter staticsafe 2019-08-21 23:23:57 -0400
  • df177dd04b clear out packet values in demonreach.asininetech.net.rules.v4 staticsafe 2019-08-21 23:21:06 -0400
  • 83fcf86900 POSTROUTING should be in nat chain staticsafe 2019-08-21 23:20:29 -0400
  • e86367ed83 add firewall rulesets for demonreach.asininetech.net. staticsafe 2019-08-21 23:18:06 -0400
  • ab7979ce01 add firewall rulesets for grevane.asininetech.net. staticsafe 2019-08-21 22:46:44 -0400
  • 135e9bd008 add firewall rulesets for erlking.asininetech.net. staticsafe 2019-08-21 22:37:08 -0400
  • d411bc74dd add firewall rulesets for deirdre.asininetech.net. staticsafe 2019-08-21 22:26:21 -0400
  • ee1e6fb76f add firewall rulesets for catsith.asininetech.net staticsafe 2019-08-21 22:22:59 -0400
  • 8b77463939 turn off backups in firewall-ruleset-deploy/tasks/main.yml staticsafe 2019-08-21 22:15:22 -0400
  • 985895c082 add firewall rulesets for waldo.asininetech.net. staticsafe 2019-08-21 22:12:42 -0400
  • df3044c9f3 fix another error in gard.asininetech.net.rules.v6 staticsafe 2019-08-21 22:07:10 -0400
  • ecda411031 fix syntax error in gard.asininetech.net.rules.v6 staticsafe 2019-08-21 22:02:47 -0400
  • 70fb7c8212 maybe fully enclosed? staticsafe 2019-08-21 22:00:41 -0400