ISTI-ansible-roles
/
ansible-roles
4
0
Fork 3
Code Issues Pull Requests Releases Wiki Activity

Restrict the prometheus ports range.

This commit is contained in:
Andrea Dell'Amico 2019-05-02 11:54:57 +02:00
parent b00926c1d5
commit d27de1cf7c
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
iptables/templates/iptables-rules.v4.j2
View File

@ -316,11 +316,11 @@
{% if prometheus_enabled is defined and prometheus_enabled %}
{% if prometheus_servers_ip is defined %}
{% for ip in prometheus_servers_ip %}
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 9100:9300 -j ACCEPT
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 9100:9110 -j ACCEPT
{% endfor %}
-A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9300 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9110 -j REJECT --reject-with icmp-host-prohibited
{% else %}
-A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9300 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m tcp --dport 9100:9110 -j ACCEPT
{% endif %}
{% endif %}
{% if keepalived_enabled is defined and keepalived_enabled %}