Close os machinectl port from external

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Patrick Uiterwijk 2019-05-25 02:31:00 +02:00
parent d451116939
commit 1878e49a6d


@ -13,14 +13,12 @@ tcp_ports: [
6443, 6443,
# For haproxy status # For haproxy status
8080, 8080,
# For machinectl api
22623,
# 9941 is closed generally, is for the inbound fedmsg and is covered in
# custom_rules
] ]
custom_rules: [ custom_rules: [
# Needed for keepalived # Needed for keepalived
'-A INPUT -d 224.0.0.0/8 -j ACCEPT', '-A INPUT -d 224.0.0.0/8 -j ACCEPT',
'-A INPUT -p vrrp -j ACCEPT', '-A INPUT -p vrrp -j ACCEPT',
# machinectl api
'-A INPUT -p tcp --dport 22623 --src 38.145.48.0/27 -j ACCEPT',
] ]
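Review bot: The `--src 38.145.48.0/27` rule for port 22623 at the end of `custom_rules` is documented only as `# machinectl api`, so an auditor cannot tell which network that /27 is or why it is the only permitted source. Assuming this rule is on the new side of the change, as the commit title suggests (the rendered page does not mark which side each changed line belongs to), a comment such as `# machinectl api: only from <network name> (38.145.48.0/27)` would record the intent. It is also worth confirming outside this hunk that the firewall template renders `custom_rules` ahead of any final reject rule, and that 22623 is not opened separately for IPv6, since the restriction visible here is IPv4-only.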