zabbix: ensure zabbix can communicate with releng machines

Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
This commit is contained in:
David Kirwan 2024-02-09 13:04:46 +00:00
parent 216ac2359a
commit 7d63531b82
No known key found for this signature in database
GPG key ID: A5893AB6474AC37D


@ -1,7 +1,7 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
# NOTE: Chaging this template updates iptables on all releng hosts :) # NOTE: Chaging this template updates iptables on all releng hosts :)
# Please check with sysadmin-main before pushing out an update here. # Please check with sysadmin-main before pushing out an update here.
# #
*filter *filter
:INPUT DROP [] :INPUT DROP []
@ -26,6 +26,9 @@
-A INPUT -p tcp -m tcp -s 38.145.60.15 --dport 5666 -j ACCEPT -A INPUT -p tcp -m tcp -s 38.145.60.15 --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5666 -j ACCEPT -A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp -s 10.3.166.10 --dport 5666 -j ACCEPT -A INPUT -p tcp -m tcp -s 10.3.166.10 --dport 5666 -j ACCEPT
# Zabbix
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -s 10.3.163.198 -j ACCEPT
# if the blocked_ips is defined - drop them # if the blocked_ips is defined - drop them
{% if blocked_ips is defined %} {% if blocked_ips is defined %}
@ -40,7 +43,7 @@
-A INPUT -p tcp -m tcp -s 147.251.0.0/16 --dport 22 -j REJECT -A INPUT -p tcp -m tcp -s 147.251.0.0/16 --dport 22 -j REJECT
# matches last rule for a service we want blocked # matches last rule for a service we want blocked
-A INPUT -p tcp -m tcp -s 192.168.100.0/24 --dport 22 -j REJECT --reject-with tcp-reset -A INPUT -p tcp -m tcp -s 192.168.100.0/24 --dport 22 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Allow all netapp traffic # Allow all netapp traffic
-A INPUT -p udp -m udp -s 10.3.162.0/24 -j ACCEPT -A INPUT -p udp -m udp -s 10.3.162.0/24 -j ACCEPT
@ -71,7 +74,7 @@
{{ rule }} {{ rule }}
{% endfor %} {% endfor %}
# Extra protection for 192.168.100.x vpn hosts. # Extra protection for 192.168.100.x vpn hosts.
-A INPUT -s 192.168.100.0/24 -j REJECT --reject-with icmp-host-prohibited -A INPUT -s 192.168.100.0/24 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j REJECT --reject-with icmp-host-prohibited -A INPUT -j REJECT --reject-with icmp-host-prohibited
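Review bot: The new rule `-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT` in the hunk at `@ -26,6 +26,9 @@` carries no `-s` source restriction, so TCP/10051 is opened to any source on every host that receives this template, while the neighbouring rules (the 5666 lines above it and the new 10050 rule below it) are each pinned to a single address. Port 10051 is the port the Zabbix server listens on and agents connect to, whereas 10050 is the agent's own listening port; if the host only needs to be polled by the server, the 10050 rule already allows that and the 10051 rule is likely unnecessary, and if inbound 10051 is genuinely needed it should be restricted the same way, e.g. `-A INPUT -p tcp -m tcp --dport 10051 -s 10.3.163.198 -j ACCEPT` (10.3.163.198 appears to be the Zabbix server given the 10050 rule, but confirm). A short comment under `# Zabbix` naming which host is expected to connect on each port would make the intent clear to the next reviewer. The file section continues beyond this view.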