From 4cb7926fa403936802e0b742b5aa5731ed001fab Mon Sep 17 00:00:00 2001
From: Peter
Date: Sun, 20 Oct 2024 17:46:10 +0200
Subject: [PATCH] add support for open ports and udp

---
 roles/ppm/templates/ppmfirewall.j2 | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/roles/ppm/templates/ppmfirewall.j2 b/roles/ppm/templates/ppmfirewall.j2
index efee383..1682c11 100644
--- a/roles/ppm/templates/ppmfirewall.j2
+++ b/roles/ppm/templates/ppmfirewall.j2
@@ -5,11 +5,16 @@
 {% for ppm_app in ppm_apps %}
 # Firewall for {{ ppm_app.user }}
 {% for redirect in ppm_app.firewall_redirect | default([]) %}
-# Redirect {{ redirect.from }} to {{ redirect.to }}
-iptables -A INPUT -p tcp --dport {{ redirect.from }} -j ACCEPT
-ip6tables -A INPUT -p tcp --dport {{ redirect.from }} -j ACCEPT
-iptables -t nat -A PREROUTING -p tcp --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
-ip6tables -t nat -A PREROUTING -p tcp --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
+# Redirect {{ redirect.from }} to {{ redirect.to }} ({{ redirect.proto | default('tcp') }})
+iptables -A INPUT -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.from }} -j ACCEPT
+ip6tables -A INPUT -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.from }} -j ACCEPT
+iptables -t nat -A PREROUTING -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
+ip6tables -t nat -A PREROUTING -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
+{% endfor %}
+{% for openport in ppm_app.firewall_openport | default([]) %}
+# Open port {{ openport.port }} ({{ openport.proto | default('tcp') }})
+iptables -A INPUT -p {{ openport.proto | default('tcp') }} --dport {{ openport.port }} -j ACCEPT
+ip6tables -A INPUT -p {{ openport.proto | default('tcp') }} --dport {{ openport.port }} -j ACCEPT
 {% endfor %}
 {% endfor %}
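Review bot: The `redirect.proto | default('tcp')` expression is repeated five times per redirect (and three times per openport) in the new lines, so the comment, the INPUT rules and the nat rules can silently drift apart; bind it once at the top of each loop body, `{% set proto = redirect.proto | default('tcp') %}`, and write `-p {{ proto }}` in the rules (same for `openport`). The new rules also interpolate `proto`, `from`, `to` and `port` unquoted into iptables command lines with no validation: a proto other than tcp/udp makes `--dport` invalid and a malformed value changes the generated command, so the role should reject unexpected values before templating, presumably with an `assert` task checking `proto in ['tcp', 'udp']` and that the ports are integers, which would live outside this file. The hunk's trailing context is cut in the collapsed patch, so the end of the outer loop is not fully visible here.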