
perfsonar-user - Re: [perfsonar-user] testpoint docker image firewall rules for

Subject: perfSONAR User Q&A and Other Discussion

  • From: Mark Feit <>
  • To: Johann Hugo <>
  • Cc: "" <>
  • Subject: Re: [perfsonar-user] testpoint docker image firewall rules for
  • Date: Thu, 9 Feb 2023 19:03:43 +0000

Johann Hugo writes:

 

This is the same as my setup. I'm using Docker’s macvlan network driver on a second 100g interface with its own IP address

 

perfsonar-toolkit-security is installed

[root@ps-100-100g /]# yum list installed | grep perfsonar-toolkit-security
perfsonar-toolkit-security.noarch          4.4.6-1.el7                @perfSONAR

 

But the firewall rules are missing, until I run the configure_firewall install script manually inside the container

 

We have an EXPOSE in the Dockerfile that maps the container’s ports out to the host’s interfaces, but that doesn’t help this case.  The containers we have running at Internet2 are well-protected by other means, so the lack of firewall rules wasn’t something we’d have noticed.

 

I don’t see any reason that configure_firewall can’t be run as part of the container build.  I’ll check with the rest of the team and make sure I didn’t miss any pitfalls and get that fixed.

 

--Mark

 



