forked from ISTI-ansible-roles/ansible-roles
library/roles/iptables/templates/iptables-rules.v4.j2: manage multiple IPs for the nagios server.
library/roles/iptables/templates/iptables-rules.v6.j2: set the same policy used by the ipv4 rules.
This commit is contained in:
parent
03a9c656be
commit
6eb98527ba
|
@ -12,7 +12,7 @@
|
||||||
{% if iptables_managed_ssh is defined and iptables_managed_ssh %}
|
{% if iptables_managed_ssh is defined and iptables_managed_ssh %}
|
||||||
{% if iptables_ssh_allowed_hosts is defined %}
|
{% if iptables_ssh_allowed_hosts is defined %}
|
||||||
# ssh is not open to all, even if we use denyhosts to prevent unauthorized accesses
|
# ssh is not open to all, even if we use denyhosts to prevent unauthorized accesses
|
||||||
{% for ip in ssh_allowed_hosts %}
|
{% for ip in iptables_ssh_allowed_hosts %}
|
||||||
-A INPUT -m state --state NEW -m tcp -p tcp -s {{ ip }} --dport 22 -j ACCEPT
|
-A INPUT -m state --state NEW -m tcp -p tcp -s {{ ip }} --dport 22 -j ACCEPT
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -134,9 +134,12 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if nagios_monitoring_server_ip is defined %}
|
{% if nagios_monitoring_server_ip is defined %}
|
||||||
|
{% for ip in nagios_monitoring_server_ip %}
|
||||||
# Nagios NRPE
|
# Nagios NRPE
|
||||||
-A INPUT -m state --state NEW -s {{ nagios_monitoring_server_ip }} -p tcp -m tcp --dport 5666 -j ACCEPT
|
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport 5666 -j ACCEPT
|
||||||
-A INPUT -s {{ nagios_monitoring_server_ip }} -p udp -m udp --dport 123 -j ACCEPT
|
# Check ntp from the nagios server
|
||||||
|
-A INPUT -s {{ ip }} -p udp -m udp --dport 123 -j ACCEPT
|
||||||
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if munin_server is defined and configure_munin is defined and configure_munin %}
|
{% if munin_server is defined and configure_munin is defined and configure_munin %}
|
||||||
|
|
|
@ -2,4 +2,11 @@
|
||||||
:INPUT ACCEPT [0:0]
|
:INPUT ACCEPT [0:0]
|
||||||
:FORWARD ACCEPT [0:0]
|
:FORWARD ACCEPT [0:0]
|
||||||
:OUTPUT ACCEPT [0:0]
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
{% if iptables_default_policy == 'REJECT' %}
|
||||||
|
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||||
|
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
||||||
|
{% else %}
|
||||||
|
-A INPUT -j {{ iptables_default_policy }}
|
||||||
|
-A FORWARD -j {{ iptables_default_policy }}
|
||||||
|
{% endif %}
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
Loading…
Reference in New Issue