From a60dedd92e0cd331b7a885a68c80989f832bc148 Mon Sep 17 00:00:00 2001 From: Martin Zobel-Helas Date: Thu, 14 Jan 2010 23:39:41 +0100 Subject: [PATCH 1/1] blog recent RFH --- ..._ferm_integration_into_dsa-puppet.git.mdwn | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 input/dsablog/2010/01/[RFH]_ferm_integration_into_dsa-puppet.git.mdwn diff --git a/input/dsablog/2010/01/[RFH]_ferm_integration_into_dsa-puppet.git.mdwn b/input/dsablog/2010/01/[RFH]_ferm_integration_into_dsa-puppet.git.mdwn new file mode 100644 index 0000000..2535392 --- /dev/null +++ b/input/dsablog/2010/01/[RFH]_ferm_integration_into_dsa-puppet.git.mdwn @@ -0,0 +1,22 @@ +[[!meta author="Martin Zobel-Helas"]] + +The Debian Project currently runs about [100 machines](http://db.debian.org/machines.cgi) all over the +world with different services. Those are mainly managed by the [Debian +System Administration team](http://wiki.debian.org/Teams/DSA). For central configuration management we +use [Puppet](http://reductivelabs.com/products/puppet/). +The Puppet config we use is publicly available [here](http://git.debian.org/?p=mirror/dsa-puppet.git). + +Our next goal is to have a more or less central configuration of our +iptables rules on all those machines. Some of the machines have +home-brewed firewall scripts, some use ferm. + + +Your mission, if you choose to accept it, is to provide us with a new +dsa-puppet git branch with a module "ferm" that we can roll out to all +our hosts. + +It might want to use information from the other puppet modules like +"apache2_security_mirror" or "buildd" to decide which incoming traffic +should be allowed. + +DSA will of course provide you with all necessary further information. -- 2.20.1