ISTI-ansible-roles
/
ansible-role-linux-firewall
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Limit the multicast sources.

This commit is contained in:
Andrea Dell'Amico 2022-12-29 18:24:24 +01:00
parent 2e9108c96d
commit 768c6f5653
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
templates/iptables-rules.v4.j2
View File

@ -202,10 +202,20 @@
{% if jgroups_cluster_enabled %}
# infinispan/jgroups
{% if jgroups_sources is defined %}
{% for s in jgroups_sources %}
-A INPUT -s {{ s }} -m pkttype --pkt-type multicast -d {{ jgroups_multicast_addr }} -j ACCEPT
-A INPUT -s {{ jgroups_multicast_addr }} -m pkttype --pkt-type multicast -d {{ jgroups_multicast_addr }} -j ACCEPT
{% if jgroups_mping_multicast_addr is defined and jgroups_mping_multicast_addr != jgroups_multicast_addr %}
-A INPUT -s {{ s }} -m pkttype --pkt-type multicast -d {{ jgroups_mping_multicast_addr }} -j ACCEPT
{% endif %}
{% endfor %}
{% else %}
-A INPUT -m pkttype --pkt-type multicast -d {{ jgroups_multicast_addr }} -j ACCEPT
{% if jgroups_mping_multicast_addr is defined and jgroups_mping_multicast_addr != jgroups_multicast_addr %}
-A INPUT -m pkttype --pkt-type multicast -d {{ jgroups_mping_multicast_addr }} -j ACCEPT
{% endif %}
{% endif %}
{% if jgroups_sources is defined %}
{% for s in jgroups_sources %}
-A INPUT -s {{ s }} -m state --state NEW -p tcp -m tcp --dport {{ jgroups_multicast_port }} -j ACCEPT