[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenShift node hardening - are these IP table rules ok?



Without loss of generality it's easy to find out wether or not you've broken networking in openshift, since ships with a lot of tests for networking, and DNS (extended.test). 
KUBECONFIG=/etc/origin/master/admin.kubeconfig /usr/libexec/atomic-openshift/extended.test --ginkgo.v=True --ginkgo.focus="DNS"
(use "Networking" tags as well and make sure those pass).
So... 
- Run the tests above with  the argument --ginkgo.focus=DNS , 
- apply the rules, 
- re run them again and you will quickly detect a regression if you've broken anything .

On Apr 5, 2017, at 4:43 AM, Anton <kurrent93 gmail com> wrote:

Hello

I would like to harden my OpenShift node. 

I'm not at all versed in iptable rules, and would like hear if these rules - https://javapipe.com/iptables-ddos-protection - are ok to apply, or not.

Thanks for your help.

b
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]