sebastian/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial upload

Browse Source
This commit is contained in:
sebastian
2025-10-10 11:07:34 +00:00
commit 6224cd01c6
161 changed files with 8964 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
roles/firewall/templates/rules-v4.d/18_internal.sh.j2 Normal file
View File

@@ -0,0 +1,24 @@
# {{ ansible_managed }}
{% if datacenter_global_networks is defined %}
iptables -N internal-in
{% if firewall_allow_internal_dns %}
iptables -A internal-in -p tcp --dport 53 -m comment --comment "common-dns" -j ACCEPT
iptables -A internal-in -p udp --dport 53 -m comment --comment "common-dns" -j ACCEPT
{% endif %}
{% for srcip in datacenter_global_networks + datacenter_public_networks %}
iptables -A INPUT -s {{ srcip }} -j internal-in
{% endfor %}
iptables -N internal-out
iptables -A internal-out -p tcp -m multiport --dports 53,80,443,2181,3306:3310,8086,10231 -m comment --comment "common-services" -j ACCEPT
iptables -A internal-out -p udp --dport 53 -m comment --comment "common-dns" -j ACCEPT
iptables -A internal-out -p tcp --dport 10514 -m owner --uid-owner 0 -m comment --comment "syslog" -j ACCEPT
iptables -A internal-out -p icmp -j ACCEPT
{% for dstip in datacenter_global_networks + datacenter_public_networks %}
iptables -A OUTPUT -d {{ dstip }} -j internal-out
{% endfor %}
{% endif %}