From 4fd88f61f48e7838d724e8e4600e5bbe5bdf297b Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Thu, 10 Mar 2016 18:28:18 +0000
Subject: [PATCH] Friends.
---
 roles/base/templates/iptables/iptables | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables
index 4e42a834d0..9f2a082139 100644
--- a/roles/base/templates/iptables/iptables
+++ b/roles/base/templates/iptables/iptables
@@ -24,6 +24,12 @@
 -A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
 
+{% if inventory_hostname in groups['proxies'] %}
+{% for friend in friends %}
+-A INPUT --src {{ friend }} -j DROP
+{% endfor %}
+{% endif %}
+
 {% if env != 'staging' and datacenter == 'phx2' and inventory_hostname not in groups['staging-friendly'] %}
 #
 # In the phx2 datacenter, both production and staging hosts are in the same
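Review bot: The new DROP loop is appended after ACCEPT rules in the INPUT chain, and iptables stops at the first matching rule, so traffic from a `friends` address that an earlier rule already accepts will not be dropped. The rules above line 24 are outside this hunk; if they include a broad ACCEPT such as an ESTABLISHED/RELATED match, and the intent is a full block on the proxies, the loop belongs ahead of the first ACCEPT. `friends` is also used without a fallback, so unless it is defined for every host in `groups['proxies']` the template will fail to render there; `{% for friend in friends | default([]) %}` avoids that. A malformed entry in the list would likely make the whole rendered ruleset fail to load, so the entries are worth validating where the list is defined. A comment above the block, for example `# Source addresses blocked at the proxies; list defined in <vars file, placeholder>`, would record the intent that the subject line "Friends." does not.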