ISTI-ansible-roles
/
ansible-roles
4
0
Fork 3
Code Issues Pull Requests Releases Wiki Activity

Merge pull request 'Fixes #633. Variable to globally define the postgresql firewall.' (#183) from adellam/ansible-roles:master into master

This commit is contained in:
Andrea Dell'Amico 2020-04-20 13:06:57 +02:00
parent 9f9129f341 010579681e
commit d25ff96afd
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/roles/iptables/templates/iptables-rules.v4.j2
View File

@ -74,6 +74,12 @@
{% if psql_firewall_enabled %}
{% if psql_db_port is defined %}
{% if psql_listen_on_ext_int is defined and psql_listen_on_ext_int %}
{% if psql_global_firewall is defined %}
{% for cidr in psql_global_firewall %}
-A INPUT -m state --state NEW -s {{ cidr }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
{% endfor %}
-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
{% else %}
{% if psql_db_data is defined %}
# postgresql clients
{% for db in psql_db_data %}
@ -87,6 +93,7 @@
-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
{% endif %}
{% endif %}
{% endif %}
{% if mysql_firewall_enabled %}
{% if mysql_db_port is defined %}
{% if mysql_listen_on_ext_int %}