library/roles/iptables/templates/iptables-rules.v4.j2: More conditionals for the postgres and mysql rules.

Andrea Dell'Amico 2016-06-22 18:02:28 +02:00
parent 535fc78f1a
commit d975326a1b
2 changed files with 7 additions and 0 deletions


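--- a/<defaults file path not shown on page>
+++ b/<defaults file path not shown on page>
@@ -51,3 +51,6 @@ ganglia_enabled: False
 nagios_enabled: False
 iptables_open_all_to_isti_nets: False
 tomcat_cluster_enabled: False
+# Another variable needs to be defined before the db rules are set
+psql_firewall_enabled: True
+mysql_firewall_enabled: True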
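Review bot: The comment above the two new defaults, `# Another variable needs to be defined before the db rules are set`, does not say what the flags control or what a False value does, and that matters because in iptables-rules.v4.j2 each flag wraps the closing DROP on the db port as well as the per-client ACCEPT lines. Suggest replacing it with `# Set to False to render no postgres/mysql rules at all (per-client ACCEPTs and the closing DROP on the db port included); the port is then governed only by the rest of the INPUT chain`. The file this hunk belongs to is not named on the page, so the path above is a placeholder.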


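--- a/library/roles/iptables/templates/iptables-rules.v4.j2
+++ b/library/roles/iptables/templates/iptables-rules.v4.j2
@@ -61,6 +61,7 @@
 -A INPUT -m state --state NEW -m tcp -p tcp --dport {{ https_port }} -j ACCEPT
 {% endif %}
 {% endif %}
+{% if psql_firewall_enabled %}
 {% if psql_db_port is defined %}
 {% if psql_listen_on_ext_int %}
 # postgresql clients
@@ -73,6 +74,8 @@
 -A INPUT -m state --state NEW -s {{ ansible_default_ipv4.address }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
 -A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
 {% endif %}
+{% endif %}
+{% if mysql_firewall_enabled %}
 {% if mysql_db_port is defined %}
 {% if mysql_listen_on_ext_int %}
 # mysql clients
@@ -85,6 +88,7 @@
 -A INPUT -m state --state NEW -s {{ ansible_default_ipv4.address }} -p tcp -m tcp --dport {{ mysql_db_port }} -j ACCEPT
 -A INPUT -p tcp -m tcp --dport {{ mysql_db_port }} -j DROP
 {% endif %}
+{% endif %}
 {% if openldap_slapd_tcp_port is defined %}
 {% if openldap_allowed_clients is defined %}
 # LDAP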
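Review bot: Setting `psql_firewall_enabled` to False drops the whole postgres block, so the catch-all `-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP` in the second hunk (@ -73,6 +74,8) disappears together with the ACCEPT lines, and whether the db port is reachable then depends on the INPUT chain policy and on rules outside these hunks, which are not visible here; the same holds for `mysql_firewall_enabled` in the third hunk. If that is the intent, a template comment such as `{# psql_firewall_enabled: False renders no postgres rules at all, not even the closing DROP #}` placed before the new `{% if psql_firewall_enabled %}` would make it explicit without reaching the rendered rules file. As a matter of style the new condition could also be folded into the existing test, `{% if psql_firewall_enabled and psql_db_port is defined %}`, dropping the extra `{% endif %}` and one nesting level; likewise for mysql. The client-rule bodies between the hunks lie outside the hunk view.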