Firewall

We have two firewall configurations:

  • web, To restrict access to web sites via IP (port 80 and 443).
  • monitor, To allow ElasticSearch, APM client to post to the APM Server (which is running on our Kibana server), To configure the firewall for monitoring, see Deploy.

Configuration

Note

This example was written for restricting access to a devpi server by IP address but it will work just as well for restricting access to a website running on port 80 and 443.

Find the external IP address of your workstation:

dig +short myip.opendns.com @resolver1.opendns.com

Add it to config/firewall/devpi.sls in your pillar e.g:

firewall:
  web:
    # web server
    - 13.16.24.14
    # yourbiz
    - 91.85.167.37

Tip

Please add a comment to show which server / workstation has the IP address.

Copy the pillar to your Salt master and run a state.apply to update the firewall on your monitor server e.g:

salt 'my-server' state.apply --state-verbose=False