Chapter 14
Firewall
Now that we have our configuration management system in place we can start defining our configuration.
The first task is to start securing our server. Security should always be defined as restrictive (most secure) first and then only relaxed enough to allow key functions required for the system to operate.
On our final system this currently means, for the master server, that some users will require access to drive Salt (initiating Salt operations) and Salt itself needs network access for communication between the Salt Master and any Minions we define.
On our development system we have the additional SSH requirements for Vagrant to work, as noted in §8.3.
Given these two slight differences, our configuration must account for environmental differences. Environments are first-class concepts in Salt, so we will look at the Salt environment system, but I don’t think this system is all that helpful and prefer another approach, which I investigate more fully as we proceed.
With that said, let’s look at our first configuration: the server’s host firewall.