From 39dbbacb321b3d6acfd0471467270e17d4e2102d Mon Sep 17 00:00:00 2001 From: Seth Reeser Date: Mon, 14 Sep 2015 08:47:01 -0400 Subject: [PATCH 1/3] Adjusting README.md --- README.md | 8 ++++---- provisioners/redhat/provision.sh | 9 ++++----- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 854b09fd..95877977 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ * Website Uptime Monitoring via monitor.us (Monitis) -As a **non-Developer** you may think - *I already have a website, why do I need Catapult?* Over time you may find yourself overwhelmed with managing the the day to day Devops process of infrastrucrure , and end up paying a freelancer or a development company hundreds or even thousands of dollars to manage or interact with the DevOps (Development Operations) to solve these problems: +As a **non-Developer** you may think - *I already have a website, why do I need Catapult?* Over time you may find yourself overwhelmed with managing the the day to day DevOps process of infrastrucrure , and end up paying a freelancer or a development company hundreds or even thousands of dollars to manage or interact with the DevOps (Development Operations) to solve these problems: * Production is down. * We need a test site. 
@@ -23,10 +23,10 @@ As a **non-Developer** you may think - *I already have a website, why do I need As a **Developer**, you have to manage many websites and probably end up using the same set of tools and APIs over and over again. Why not use something that has been created from it's foundations by Devlopers that have been down the same road as you, and contribute back to the project at the same time? * Catapult is developed in Ruby and native Shell - there are no new languages or technologies to learn. - * Catapult's simplicity is it's strength. There is no black-box to decipher - the functionality and methodology is out in the open and accessible to anyone. - * Catapult uses the most popular APIs and services; including AWS, Bamboo, Bitbucket, CloudFlare, DigitalOcean, GitHub, and Vagrant. + * Catapult's simplicity is it's strength. There is no black-box to decipher - the functionality and methodology is out in the open and accessible to anyone. + * Catapult uses the most popular APIs and services; including AWS, Bamboo, Bitbucket, CloudFlare, DigitalOcean, GitHub, and Vagrant. -Catapult can manage all of this for you through an open-source and well-documented platform, with a developer-focused point of view. We also provide a service and assistance if you need help getting started, or just have a question - just contact us at https://devopsgroup.io. Catapult leverages the Services that you're already using, which collectively, costs $40/month to have a full-stack localDev, Test, Quality Control, and Production environment. +Catapult manages all of this for you through an open-source and well-documented platform, with a developer-focused point of view. We also provide a service and assistance if you need help getting started, or just have a question - just contact us at https://devopsgroup.io. 
Catapult leverages the Services that you're already using, which collectively, costs $40/month to have a full-stack localDev, Test, Quality Control, and Production environment. *Go ahead, give* **Catapult** *a* **shot**. diff --git a/provisioners/redhat/provision.sh b/provisioners/redhat/provision.sh index f02f834d..fd4222e7 100644 --- a/provisioners/redhat/provision.sh +++ b/provisioners/redhat/provision.sh @@ -9,12 +9,11 @@ # $4 => instance - echo -e "\n\n\n" -echo " mdQQQb " -echo " ---- 4SSEO " -echo " \ \SSQ' " -echo " \ \Y \Sp " +echo " seTHRe " +echo " ---- ESERb " +echo " \ \AHA' " +echo " \ \Y \Ha " echo " \;\\\\_\ " echo " .;' \\\\ " echo " .;' \\\\ " From 276c0c62211041c36a248be116028a5f60e5e03f Mon Sep 17 00:00:00 2001 From: Seth Reeser Date: Tue, 15 Sep 2015 09:23:53 -0400 Subject: [PATCH 2/3] Merge --- provisioners/redhat/modules/iptables.sh | 75 +++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 provisioners/redhat/modules/iptables.sh diff --git a/provisioners/redhat/modules/iptables.sh b/provisioners/redhat/modules/iptables.sh new file mode 100644 index 00000000..d994bf06 --- /dev/null +++ b/provisioners/redhat/modules/iptables.sh 
@@ -0,0 +1,75 @@
+redhat_ip="$(echo "${configuration}" | shyaml get-value environments.${1}.servers.redhat.ip)"
+
+# remove all rules
+sudo iptables --flush
+# we're not a router
+sudo iptables --policy FORWARD DROP
+# allow all output, only filter input
+sudo iptables --policy OUTPUT ACCEPT
+
+# allow server/client ssh over 22
+sudo iptables\
+ --append INPUT\
+ --protocol tcp\
+ --dport 22\
+ --jump ACCEPT
+# allow server to use 127.0.0.1 or localhost, lo = loopback interface
+sudo iptables\
+ --append INPUT\
+ --in-interface lo\
+ --jump ACCEPT
+# allow server to access the web for packages, updates, etc
+sudo iptables\
+ --append INPUT\
+ --in-interface eth0\
+ --match state\
+ --state ESTABLISHED,RELATED\
+ --jump ACCEPT
+# allow incoming web traffic from the world
+if [ "${4}" == "apache" ]; then
+ sudo iptables\
+ --append INPUT\
+ --in-interface eth0\
+ --protocol tcp\
+ --dport 80\
+ --match state\
+ --state NEW,ESTABLISHED\
+ --jump ACCEPT
+ sudo iptables\
+ --append INPUT\
+ --in-interface eth0\
+ --protocol tcp\
+ --dport 443\
+ --match state\
+ --state NEW,ESTABLISHED\
+ --jump ACCEPT
+# allow incoming database traffic
+elif [ "${4}" == "mysql" ]; then
+ if [ "${1}" == "dev" ]; then
+ # from developer machine
+ sudo iptables\
+ --append INPUT\
+ --in-interface eth0\
+ --protocol tcp\
+ --dport 3306\
+ --match state\
+ --state NEW,ESTABLISHED\
+ --jump ACCEPT
+ else
+ # from the redhat server
+ sudo iptables\
+ --append INPUT\
+ --in-interface eth0\
+ --protocol tcp\
+ --dport 3306\
+ --source ${redhat_ip}\
+ --match state\
+ --state NEW,ESTABLISHED\
+ --jump ACCEPT
+ fi
+fi
+
+# now that everything is configured, we drop everything else (drop does not send any return packets, reject does)
+sudo iptables --policy INPUT DROP
+# output the iptables
+sudo iptables --list
From b2ceb754e476dd287e1c8c8479ed4111da706401 Mon Sep 17 00:00:00 2001
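Review bot: The `dev` branch of the mysql block accepts port 3306 from every source on eth0, although its comment says "from developer machine"; nothing in that rule restricts the peer, so a dev instance that ever gets a routable address exposes the database port. In the non-dev branch `--source ${redhat_ip}` is unquoted and never validated: if the shyaml lookup returns nothing, iptables is handed `--source --match …` and most likely rejects the rule, and the script does not notice because no exit status is checked. I would test `[ -n "${redhat_ip}" ]` before that rule and abort provisioning when it is empty, and quote the expansion as `--source "${redhat_ip}"`. Separately, only IPv4 is filtered here; if the hosts have IPv6 enabled (not visible from this hunk), the same policy is needed through ip6tables.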
From: Seth Reeser Date: Tue, 15 Sep 2015 10:12:14 -0400 Subject: [PATCH 3/3] Bump version.
---
 VERSION.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION.yml b/VERSION.yml
index 254c454a..b2237dea 100644
--- a/VERSION.yml
+++ b/VERSION.yml
@@ -1 +1 @@
-version: 1.7.0
+version: 1.7.1