infrastructure/ansible
2
0
Fork 0
Code Pull requests 7 Activity Actions

Add proxy-only ports to staging iptables

Browse source 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
Patrick Uiterwijk 2019-03-29 00:18:04 +01:00
parent 58a14f6fd3
commit 2a932db784
1 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
roles/base/templates/iptables/iptables.staging
View file

@ -65,6 +65,19 @@ COMMIT
-A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT -A INPUT -p udp -m udp --dport {{ port }} -j ACCEPT
{% endfor %} {% endfor %}
# if there are any proxy-only tcp_ports - allow them
{% if proxy_tcp_ports is defined %}
{% for port in proxy_tcp_ports %}
{% for proxy in (groups['proxies'] + groups['proxies-internal']) %}
{% if hostvars[proxy]['vpn'] %}
-A INPUT -p tcp -m tcp --dport {{ port }} --src {{ hostvars[proxy]['ansible_facts']['ansible_tun0']['ipv4']['address'] }} -j ACCEPT
{% else %}
-A INPUT -p tcp -m tcp --dport {{ port }} --src {{ hostvars[proxy]['ansible_facts']['ansible_eth0']['ipv4']['address'] }} -j ACCEPT
{% endif %}
{% endfor %}
{% endfor %}
{% endif %}
# if there are custom rules - put them in as-is # if there are custom rules - put them in as-is
{% for rule in custom_rules %} {% for rule in custom_rules %}
{{ rule }} {{ rule }}