Report On

Firewall Configuration on Docker, Jenkins, Ansible, Nagios, and

Puppet
Dissertation submitted in fulfilments of the requirements for the Degree
of
BACHELOR OF TECHNOLOGY
in
COMPUTER SCIENCE AND ENGINEERING
By
DWARAMPUDI MANIKANTA SURESH KRISHNA REDDY

School of Computer Science and Engineering

Lovely Professional University
Phagwara, Punjab (India)

Reg No: 12112921

Section: K310
Table of Contents:
1. Introduction
2. Problem Statement
o Profile of the Problem
o Rationale/Scope of the Study
o Feasibility Analysis
o Project Plan
3. Software Requirement Analysis
o Introduction
o General Description
o Specific Requirements
4. Design
o System Design
o Design Notations
o Detailed Design
o Flowcharts
o Pseudo Code
5. Implementation
o Implementation of the Project
o Conversion Plan
o Post-Implementation and Software Maintenance
6. Project Legacy
o Current Status of the Project
o Remaining Areas of Concern
o Lessons Learned
7. Source Code/System Snapshots
8. Bibliography
1. Introduction
Firewall configuration is a cornerstone of securing modern DevOps environments and
system management tools such as Docker, Jenkins, Ansible, Nagios, and Puppet.
These tools form the backbone of continuous integration (CI), continuous deployment
(CD), and system monitoring processes, ensuring streamlined operations and efficient
resource management. However, their exposure to external networks and potential
misconfigurations pose significant security risks. These vulnerabilities can result in
unauthorized access, data breaches, or even service disruptions, making robust
firewall implementation and configuration essential.
This report delves into the methodologies for implementing and configuring firewalls
to safeguard these critical systems. The focus is on achieving network-level security
by controlling and restricting traffic based on specific criteria, including protocols, IP
addresses, and ports. By establishing precise access rules, firewalls serve as the first
defense against malicious activities and unauthorized intrusions.
Popular firewall solutions, such as iptables and ufw (Uncomplicated Firewall), play a
pivotal role in these configurations. These tools enable administrators to define
granular rules for traffic filtering, ensuring that only legitimate connections reach
sensitive services. In addition, cloud-native firewall solutions provided by platforms
like AWS Security Groups or Azure Firewall are leveraged to extend this security to
cloud-hosted environments.
This report emphasizes best practices for firewall configuration tailored to the unique
requirements of these tools. It highlights the importance of regular audits, logging,
and monitoring to identify and address potential vulnerabilities proactively. By
implementing these strategies, organizations can secure their DevOps pipelines and
system management tools against evolving threats, ensuring both operational
efficiency and robust security.
Effective firewall configuration also involves integrating security practices with the
workflows of tools like Jenkins and Docker. For instance, Jenkins, often exposed via
web interfaces, requires restrictions on administrative access by allowing connections
only from trusted IP ranges. Similarly, Docker, which uses containerized
environments for application deployment, can have its exposed ports secured by
limiting traffic to essential communication channels. By fine-tuning firewall rules and
ensuring that only necessary ports and protocols are accessible, organizations can
minimize the attack surface while maintaining the functionality of these tools.
Moreover, a layered security approach enhances the effectiveness of firewalls.
Combining network-level firewalls with application-layer solutions such as Web
Application Firewalls (WAFs) provides comprehensive protection.
2. Problem Statement
Profile of the Problem
With the increasing complexity of infrastructure, tools like Docker, Jenkins, Ansible,
Nagios, and Puppet are exposed to potential threats like unauthorized access, data
exfiltration, and service disruptions. Protecting these services requires robust firewall
configurations that control traffic flow without hindering system operations.
Rationale/Scope of the Study
 Rationale: These tools often run on open ports that attackers can exploit.
Implementing firewalls ensures that only authorized traffic is allowed.
 Scope: The project focuses on configuring firewalls for secure access to these
tools in development and production environments.
Feasibility Analysis
 Technical Feasibility: Tools like iptables, ufw, and cloud-native firewalls are
compatible with these services.
 Operational Feasibility: Configurations are performed without disrupting
existing workflows.
 Financial Feasibility: Open-source firewalls like iptables and ufw minimize
costs.
Project Plan
 Phase 1: Analyse firewall requirements for each tool.
 Phase 2: Implement and test configurations in a controlled environment.
 Phase 3: Deploy configurations in production.
 Phase 4: Monitor and maintain the configurations.

3. Software Requirement Analysis

Introduction
Firewall configuration involves setting up rules to regulate traffic for Docker
containers, Jenkins builds, Ansible playbooks, Nagios monitoring, and Puppet
configurations.
General Description
 Docker: Manages containerized applications and exposes services on specific
ports (e.g., 2375 for the Docker API).
 Jenkins: A CI/CD tool requiring controlled access to build pipelines via
HTTP/HTTPS ports (default: 8080).
  Ansible: Communicates over SSH (port 22) to execute automation scripts.
 Nagios: Provides monitoring dashboards, usually accessible on port 80 or 443.
 Puppet: Configuration management tool using HTTPS (port 8140).
Specific Requirements
1. Firewall Tools:
o iptables for Linux systems.
o ufw for simplified configurations.
o Cloud firewalls for virtualized environments.
2. System Requirements:
o Host OS: Ubuntu or CentOS.
o Docker, Jenkins, Ansible, Nagios, and Puppet installed.
o Network configurations: Static IP addresses for nodes.
3. Open Ports:
o Docker: 2375
o Jenkins: 8080
o Ansible: 22
o Nagios: 80, 443
o Puppet: 8140

4. Design
System Design
The system comprises multiple tools running on distinct ports and communicating
with clients or nodes. The firewall intercepts all traffic and enforces rules based on
predefined criteria such as IP, port, and protocol.
Design Notations
 Entities: Clients, Servers, Firewall.
 Interactions: Request and response through specific ports.
Detailed Design
1. Docker: Restrict API access to specific IPs.
2. Jenkins: Allow HTTP/HTTPS traffic only from authorized IPs.
3. Ansible: Permit SSH connections only from control nodes.
 4. Nagios: Protect dashboard access with IP whitelisting.
5. Puppet: Ensure secure communication between master and agents using
SSL/TLS.
Flowcharts

1 Docker
2 Jenkins

3 Ansible

4 Nagios

5 Puppet

6 Configure Firewall

7 Monitor and manage

5. Implementation
Implementation of the Project
 Step 1: Install ufw and enable it.
 Step 2: Configure rules for each tool.
 Step 3: Test configurations using tools like curl and nmap.
Conversion Plan
Migrate configurations gradually, starting from a development environment.
Post-Implementation and Software Maintenance
Monitor logs and update rules based on evolving requirements.

6. Project Legacy
Current Status of the Project
Firewall configurations have been implemented and validated in a test environment.
Remaining Areas of Concern
 Automation of firewall updates using Ansible.
 Dynamic IP handling for mobile clients.
Lessons Learned
  Iterative testing is crucial for error-free configurations.
 Combining firewalls with VPNs enhances security.

7. Source Code/System Snapshots

Firewall-Configuration-Project/
│
├── docker/
│ ├── Dockerfile
│ └── docker-compose.yml
│
├── jenkins/
│ └── Jenkinsfile
│
├── ansible/
│ ├── playbook.yml
│ ├── inventory.ini
│ └── roles/
│ └── firewall/
│ └── tasks/
│ └── main.yml
│
├── nagios/
│ └── nagios_config/
│ └── configuration.cfg
│
├── puppet/
│ └── site.pp
│
└── README.md
1. Docker Setup (docker/)
 Dockerfile: Build your Docker images for Jenkins, Ansible, Nagios, and
Puppet.
  docker-compose.yml: Use this file to define the services that make up your
multi-container Docker application.
Example docker-compose.yml:
version: '3'
services:
jenkins:
image: jenkins/jenkins:lts
ports:
- "8080:8080"
networks:
- project_network
ansible:
image: ansible/ansible:latest
networks:
- project_network
nagios:
image: nagios/nagioscore:latest
ports:
- "80:80"
networks:
- project_network
puppet:
image: puppet/puppetserver
networks:
- project_network
networks:
project_network:
driver: bridge
2. Jenkins Setup (jenkins/)
 Jenkinsfile: Define a simple pipeline for integrating Docker and other tools in
Jenkins.
Example Jenkinsfile:
pipeline {
agent any
stages {
stage('Build') {
steps {
echo 'Building Docker Containers...'
script {
sh 'docker-compose up -d'
}
}
}
stage('Deploy') {
steps {
echo 'Deploying Containers...'
script {
sh 'docker-compose down && docker-compose up -d'
}
}
}
}
}

3. Ansible Setup (ansible/)

 playbook.yml: Define a playbook for setting up firewall rules.
Example playbook.yml:
---
- name: Configure firewall rules
hosts: all
become: yes
tasks:
- name: Add a new firewall rule
ufw:
rule: allow
name: 'Open Port 80'
port: '80'
proto: tcp
 inventory.ini: Define your host inventory file.
Example inventory.ini:
ini
Copy code
[firewall_servers]
192.168.0.101
192.168.0.102

4. Nagios Setup (nagios/)

 configuration.cfg: Define Nagios configuration for monitoring services.
Example configuration.cfg:
define service {
use generic-service
host_name firewall-server
service_description HTTP
check_command check_http
}
5. Puppet Setup (puppet/)
  site.pp: Define the Puppet manifest for automating firewall configurations.
Example site.pp:
node default {
class { 'firewall':
ensure => 'present',
rules => [
{ 'action' => 'accept', 'port' => '80' }
],
}
}

8. Bibliography
1. Docker Security Documentation: https://docs.docker.com
2. Jenkins Configuration Guide: https://www.jenkins.io
3. Puppet Documentation: https://puppet.com/docs