Documenting Firewall Exceptions and Rules
-
When you guys have to make a change to a firewall, where and how do you document those changes? I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did)
Adding a few rich rules resolved the issue immediately.
Where do you keep a record of these changes and what the rules are for? Memory obviously isn't an option.
-
Use the 'script' command to record your shell session.
-
That's cool, but you use that for documentation?
I get that it can be used for documentation, but it's generally only valuable if I was going to review the script log file at some later date. Meaning I'd have to remember it exists (on that server) or wherever.
-
@DustinB3403 said in Documenting Firewall Exceptions and Rules:
That's cool, but you use that for documentation?
I haven't used it as much as I should have.
-
@DustinB3403 said in Documenting Firewall Exceptions and Rules:
I get that it can be used for documentation, but it's generally only valuable if I was going to review the script log file at some later date. Meaning I'd have to remember it exists (on that server) or wherever.
If you already have in place a ticket system you can use that for making changes to a firewall.
Or maybe have some kind of troubleshooting step-by-step template you can use to fill out when making changes.
https://social.technet.microsoft.com/wiki/contents/articles/21546.wiki-template-troubleshooting-step-by-step.aspx
-
It's stored with the Ansible role in Git.
-
We also use Antora for any documentation that goes along with the role.
-
What type of firewall rules are you running that are so advanced you need to label them?
-
@DustinB3403 said in Documenting Firewall Exceptions and Rules:
I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did)
Adding a few rich rules resolved the issue immediately.
None of this makes any sense. It's deny all and permit by exception. Why would you do anything else?
-
@IRJ said in Documenting Firewall Exceptions and Rules:
@DustinB3403 said in Documenting Firewall Exceptions and Rules:
I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did)
Adding a few rich rules resolved the issue immediately.
None of this makes any sense. It's deny all and permit by exception. Why would you do anything else?
That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.