From d27de1cf7c85a26269da149cf87bad2e67c19acd Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico 
Date: Thu, 2 May 2019 11:54:57 +0200
Subject: [PATCH] Restrict the prometheus ports range.
---
 iptables/templates/iptables-rules.v4.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index 93776d8..8071567 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -316,11 +316,11 @@
 {% if prometheus_enabled is defined and prometheus_enabled %}
 {% if prometheus_servers_ip is defined %}
 {% for ip in prometheus_servers_ip %}
--A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 9100:9300 -j ACCEPT
+-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 9100:9110 -j ACCEPT
 {% endfor %}
--A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9300 -j REJECT --reject-with icmp-host-prohibited
+-A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9110 -j REJECT --reject-with icmp-host-prohibited
 {% else %}
--A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9300 -j ACCEPT
+-A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9110 -j ACCEPT
 {% endif %}
 {% endif %}
 {% if keepalived_enabled is defined and keepalived_enabled %}
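Review bot: The `{% else %}` branch still emits an unconditional ACCEPT for 9100:9110 with no `-s` restriction, so on any host where `prometheus_servers_ip` is left undefined the exporter ports stay reachable from every source, and narrowing the range does not change that exposure. If that fallback is intentional it should at least be documented next to the rule, e.g. `{# prometheus_servers_ip unset: exporter ports 9100-9110 are open to ALL sources; set the list in production #}`; if it is not, a safer default is to emit the same REJECT rule in the else branch and require the allow-list to be set. The literal `9100:9110` is now repeated three times; a single `{{ prometheus_ports_range | default('9100:9110') }}` variable would keep the ACCEPT and REJECT rules from drifting apart on the next edit. The Jinja `if prometheus_enabled` block is shown in full, but the surrounding rule set continues outside the hunk.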