Fixes #633. Variable to globally define the postgresql firewall.

This commit is contained in:
Andrea Dell'Amico 2020-04-20 13:06:25 +02:00
parent 4c007fbab7
commit 010579681e
1 changed files with 7 additions and 0 deletions

View File

@ -74,6 +74,12 @@
{% if psql_firewall_enabled %}
{% if psql_db_port is defined %}
{% if psql_listen_on_ext_int is defined and psql_listen_on_ext_int %}
{% if psql_global_firewall is defined %}
{% for cidr in psql_global_firewall %}
-A INPUT -m state --state NEW -s {{ cidr }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
{% endfor %}
-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
{% else %}
{% if psql_db_data is defined %}
# postgresql clients
{% for db in psql_db_data %}
@ -87,6 +93,7 @@
-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
{% endif %}
{% endif %}
{% endif %}
{% if mysql_firewall_enabled %}
{% if mysql_db_port is defined %}
{% if mysql_listen_on_ext_int %}