Firewall

We have three firewall configurations:

  • salt, our new VPN based on WireGuard.

  • web, to restrict access to web sites via IP (port 80 and 443).

  • monitor, to allow ElasticSearch, APM client to post to the APM Server (which is running on our Kibana server). To configure the firewall for monitoring, see Deploy.

Wireguard - Configuration

Web - Configuration

Note

This example was written for restricting access to a devpi server by IP address but it will work just as well for restricting access to a website running on port 80 and 443.

Find the external IP address of your workstation:

dig +short myip.opendns.com @resolver1.opendns.com

Add it to config/firewall/devpi.sls in your pillar, e.g.:

firewall:
  web:
    # web server
    - 13.16.24.14
    # yourbiz
    - 91.85.167.37

Tip

Please add a comment to show which server / workstation has the IP address.

Copy the pillar to your Salt master and run a state.apply to update the firewall on your monitor server, e.g.:

salt 'my-server' state.apply --state-verbose=False
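
A check you could run on the pillar file before copying it to the Salt master, so that a mistyped or uncommented address never reaches the firewall. This is an added example, not part of the original page or of Salt: the function name lint_allow_list, the sample data and the rules it enforces (a comment for every entry as the Tip asks, single public hosts only, no duplicates) are assumptions, and it reads only the simple layout shown above rather than full YAML.

```python
import ipaddress

# Constructed sample in the layout shown above; the last two entries are deliberately bad.
SAMPLE_PILLAR = """\
firewall:
  web:
    # web server
    - 13.16.24.14
    # yourbiz
    - 91.85.167.37
    - 192.168.1.20
    # typo
    - 91.85.167.370
"""

def lint_allow_list(text, section="web"):
    """Return (line_number, message) problems for one firewall section."""
    problems, seen = [], set()
    in_section, prev_comment = False, False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            prev_comment = True
        elif line.startswith("- ") and in_section:
            value = line[2:].split("#")[0].strip().strip("'\"")
            # Accept a comment on the line above or trailing on the same line.
            commented = prev_comment or "#" in line
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                problems.append((number, f"{value}: not a valid IP address"))
            else:
                if not commented:
                    problems.append((number, f"{value}: no comment naming the host"))
                if not net.is_global:
                    problems.append((number, f"{value}: not a public address"))
                if net.num_addresses > 1:
                    problems.append((number, f"{value}: range, not a single host"))
                if net in seen:
                    problems.append((number, f"{value}: duplicate entry"))
                seen.add(net)
            prev_comment = False
        elif line.endswith(":"):
            # A new key starts; track whether it is the section being linted.
            in_section = line[:-1] == section
            prev_comment = False
    return problems

if __name__ == "__main__":
    print("\n".join(f"line {n}: {m}" for n, m in lint_allow_list(SAMPLE_PILLAR)))
```

An empty result means every entry in the section passed; pass section="monitor" to check a different list.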