[Gluster-infra] Firewall upgrade and deployment

Michael Scherer mscherer at redhat.com
Thu Nov 8 15:34:38 UTC 2018


(this time with right recipient)

after several month of tests, and sinc epeople seems to be out for
Diwala in the indian office, I did took the time to finally switch the
firewall from firewalld to nftables.

The switch went well, but due to unforeseen consequence, it is possible
that some hosts in the internal network did suffer from a 30 seconds
lose of connectivity (due to firewall switching affecting the
deployment of the firewall itself). 

However, this kind of failure was taken in account and the change got
rollback pretty quickly.  

So we are now using a more hardened firewall, based on nftables. I will
continue to harden the rules in the weeks coming. It should be as
seemless as possible, but if anything break in a *.int.rht.gluster.org
server (mostly builders) please tell infra team.

Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS

-------------- next part --------------
Gluster-infra mailing list
Gluster-infra at gluster.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.gluster.org/pipermail/gluster-infra/attachments/20181108/4b6904f0/attachment.sig>

More information about the Gluster-infra mailing list