fix it this way instead
This commit is contained in:
parent
f630159e9f
commit
b5cbb782ec
2 changed files with 6 additions and 1 deletions
|
|
@ -28,7 +28,6 @@
|
|||
|
||||
vars:
|
||||
- tcp_ports: [80, 443, 873]
|
||||
- udp_ports: []
|
||||
- rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
|
||||
|
||||
roles:
|
||||
|
|
|
|||
|
|
@ -32,19 +32,25 @@
|
|||
|
||||
|
||||
# if the host/group defines incoming tcp_ports - allow them
|
||||
{% if tcp_ports is defined %}
|
||||
{% for port in tcp_ports %}
|
||||
-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
# if the host/group defines incoming udp_ports - allow them
|
||||
{% if udp_ports is defined %}
|
||||
{% for port in udp_ports %}
|
||||
-A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
# if there are custom rules - put them in as-is
|
||||
{% if custom_rules is defined %}
|
||||
{% for rule in custom_rules %}
|
||||
{{ rule }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
# otherwise kick everything out
|
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue