Sha256: a791d09fbf48d4914b3094f1f16cffbe2ea359479d2df7d01918f11c3942e8cf

Contents?: true

Size: 989 Bytes

Versions: 7

Compression:

Stored size: 989 Bytes

Contents

rule_set :icmp_protection do
  accept :chain     => :output,
         :protocol  => :icmp,
         :icmp_type => 'echo-request',
         :comment   => "allow us to ping others"

  accept :protocol  => :icmp,
         :icmp_type => 'echo-reply',
         :comment   => "allow us to receive ping responses"


  interfaces[:external].each do |interface|
    from_each_address(allowed_from) do |address|
      accept :protocol  => :icmp,
             :icmp_type => 'echo-request',
             :interface => interface,
             :remote_address => address,
             :limit   => '1/s',
             :comment => "allow icmp from #{address}"
    end

    drop :protocol  => :icmp,
         :interface => interface,
         :comment   => "drop any icmp packets that haven't been explicitly allowed"
  end
end

address :monitoring, 'pinger.monitoringservice.com'

host 'app_host' do
  interface :external, ['eth1', 'eth1:0']

  icmp_protection allowed_from: :monitoring

  runs :ssh
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
asbestos-0.0.9 examples/8_rule_sets.rb
asbestos-0.0.8 examples/8_rule_sets.rb
asbestos-0.0.7 examples/8_rule_sets.rb
asbestos-0.0.6 examples/8_rule_sets.rb
asbestos-0.0.5 examples/8_rule_sets.rb
asbestos-0.0.4 examples/8_rule_sets.rb
asbestos-0.0.3 examples/8_rule_sets.rb