@chrismeyersfsu
Created July 28, 2021 17:12
Receptor firewall playground
myreceptornode2 <-- myreceptornode1
receptor --config example_configs/n1.yml
receptor --config example_configs/n2.yml
receptorctl --socket n2.sock ping myreceptornode1
Error: timeout

Success! The above timeout is due to the firewall rules feature.

Note that the firewall rule that restricts myreceptornode1 from issuing commands to myreceptornode2 is fully expressed in myreceptornode2's config. This is desirable: myreceptornode1 could be a bad actor or be compromised, and could disregard its own local firewall rules.

---
- log-level: debug
- control-service:
    service: control
    filename: n1.sock
- tcp-listener:
    port: 9900
- work-command:
    worktype: worker
    command: ansible-runner
    params: worker
- node:
    id: myreceptornode1
---
- log-level: debug
- control-service:
    service: control
    filename: n2.sock
- tcp-peer:
    address: myreceptornode1:9900
- work-command:
    worktype: worker
    command: ansible-runner
    params: worker
- node:
    id: myreceptornode2
    firewallrules:
      - "ToNode=myreceptornode1:drop"
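The point made in the note above (the rule lives on the node that enforces it, so a compromised peer cannot opt out) as a simplified Python model; this is an added example, not Receptor's code and not part of the gist. The `FromNode` key, the `accept` action, the default-accept behaviour and every function name here are assumptions made for the illustration.

```python
"""Simplified model of per-node firewall enforcement (not Receptor's code)."""
from dataclasses import dataclass, field

FIELDS = {"FromNode", "ToNode"}   # assumed keys; only ToNode appears on the page
ACTIONS = {"accept", "drop"}      # assumed set; only "drop" appears on the page

def parse_rule(text):
    """Parse 'Key=value[,Key=value]:action' into (conditions, action)."""
    match, sep, action = text.rpartition(":")
    if not sep or action not in ACTIONS:
        raise ValueError(f"bad action in rule {text!r}")
    conds = {}
    for part in match.split(","):
        key, eq, value = part.partition("=")
        if key not in FIELDS or not eq or not value:
            raise ValueError(f"bad condition {part!r} in rule {text!r}")
        conds[key] = value
    return conds, action

@dataclass
class Node:
    node_id: str
    rules: list = field(default_factory=list)
    honors_rules: bool = True     # False models a compromised node

    def permits(self, src, dst):
        if not self.honors_rules:
            return True
        pkt = {"FromNode": src, "ToNode": dst}
        for conds, action in map(parse_rule, self.rules):
            if all(pkt[k] == v for k, v in conds.items()):
                return action == "accept"   # first matching rule decides
        return True                         # assumed default: accept

def ping(path, src, dst):
    """Request and reply must each pass every node on the path."""
    request = all(n.permits(src, dst) for n in path)
    reply = all(n.permits(dst, src) for n in path)
    return "reply" if request and reply else "timeout"

def scenario(rule_on, n1_compromised):
    """Place one drop rule on n1 or n2, then have n1 ping n2."""
    n1 = Node("myreceptornode1", honors_rules=not n1_compromised)
    n2 = Node("myreceptornode2")
    if rule_on == "n2":
        n2.rules.append("ToNode=myreceptornode1:drop")      # rule from the page
    else:
        n1.rules.append("FromNode=myreceptornode1:drop")    # constructed contrast
    return ping([n1, n2], n1.node_id, n2.node_id)
```

With the rule on myreceptornode2 the ping times out whether or not myreceptornode1 honors its own rules; with the rule only on myreceptornode1, a compromised myreceptornode1 gets a reply.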