tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixes #633. Variable to globally define the postgresql firewall.

This commit is contained in:
Andrea Dell'Amico 2020-04-20 13:06:25 +02:00
parent 4c007fbab7
commit 010579681e
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/roles/iptables/templates/iptables-rules.v4.j2
View File

@ -74,6 +74,12 @@
{% if psql_firewall_enabled %} {% if psql_firewall_enabled %}
{% if psql_db_port is defined %} {% if psql_db_port is defined %}
{% if psql_listen_on_ext_int is defined and psql_listen_on_ext_int %} {% if psql_listen_on_ext_int is defined and psql_listen_on_ext_int %}
{% if psql_global_firewall is defined %}
{% for cidr in psql_global_firewall %}
-A INPUT -m state --state NEW -s {{ cidr }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
{% endfor %}
-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
{% else %}
{% if psql_db_data is defined %} {% if psql_db_data is defined %}
# postgresql clients # postgresql clients
{% for db in psql_db_data %} {% for db in psql_db_data %}
@ -87,6 +93,7 @@
-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP -A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endif %}
{% if mysql_firewall_enabled %} {% if mysql_firewall_enabled %}
{% if mysql_db_port is defined %} {% if mysql_db_port is defined %}
{% if mysql_listen_on_ext_int %} {% if mysql_listen_on_ext_int %}