Allow adding proxy-only TCP ports to groups

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
Patrick Uiterwijk 2019-03-29 00:15:05 +01:00
parent 99eee653cc
commit 030ea6df33


@ -99,6 +99,19 @@
{% endfor %}
{% endif %}
# if there are any proxy-only tcp_ports - allow them
{% if proxy_tcp_ports is defined %}
{% for port in proxy_tcp_ports %}
{% for proxy in (groups['proxies'] + groups['proxies-internal']) %}
{% if hostvars[proxy]['vpn'] %}
-A INPUT -p tcp -m tcp --dport {{ port }} --src {{ hostvars[proxy]['ansible_facts']['ansible_tun0']['ipv4']['address'] }} -j ACCEPT
{% else %}
-A INPUT -p tcp -m tcp --dport {{ port }} --src {{ hostvars[proxy]['ansible_facts']['ansible_eth0']['ipv4']['address'] }} -j ACCEPT
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
# if there are custom rules - put them in as-is
{% if custom_rules is defined %}
{% for rule in custom_rules %}