ppm/ansible-ppm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add support for open ports and udp

Browse source
This commit is contained in:
Peter 2024-10-20 17:46:10 +02:00
parent 6f50de798b
commit 4cb7926fa4
1 changed files with 10 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

15
roles/ppm/templates/ppmfirewall.j2
View file

@ -5,11 +5,16 @@
{% for ppm_app in ppm_apps %}
# Firewall for {{ ppm_app.user }}
{% for redirect in ppm_app.firewall_redirect | default([]) %}
# Redirect {{ redirect.from }} to {{ redirect.to }}
iptables -A INPUT -p tcp --dport {{ redirect.from }} -j ACCEPT
ip6tables -A INPUT -p tcp --dport {{ redirect.from }} -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
ip6tables -t nat -A PREROUTING -p tcp --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
# Redirect {{ redirect.from }} to {{ redirect.to }} ({{ redirect.proto | default('tcp') }})
iptables -A INPUT -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.from }} -j ACCEPT
ip6tables -A INPUT -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.from }} -j ACCEPT
iptables -t nat -A PREROUTING -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
ip6tables -t nat -A PREROUTING -p {{ redirect.proto | default('tcp') }} --dport {{ redirect.to }} -j REDIRECT --to-ports {{ redirect.from }}
{% endfor %}
{% for openport in ppm_app.firewall_openport | default([]) %}
# Open port {{ openport.port }} ({{ openport.proto | default('tcp') }})
iptables -A INPUT -p {{ openport.proto | default('tcp') }} --dport {{ openport.port }} -j ACCEPT
ip6tables -A INPUT -p {{ openport.proto | default('tcp') }} --dport {{ openport.port }} -j ACCEPT
{% endfor %}
{% endfor %}