Valider 0e5d83a3 rédigé par Théo - Le Filament's avatar Théo - Le Filament

fix all error when groups are missing

parent 328b050c
...@@ -3,14 +3,14 @@ ...@@ -3,14 +3,14 @@
:INPUT DROP [0:0] :INPUT DROP [0:0]
:FORWARD DROP [0:0] :FORWARD DROP [0:0]
:OUTPUT DROP [0:0] :OUTPUT DROP [0:0]
{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %} {% if inventory_hostname in groups.docker_elk | default([]) %}
:DOCKER-USER - [0:0] :DOCKER-USER - [0:0]
{% endif %} {% endif %}
:LOGGING - [0:0] :LOGGING - [0:0]
{% if 'docker_elk' in groups and inventory_hostname in groups.docker_elk %} {% if inventory_hostname in groups.docker_elk | default([]) %}
## DOCKER-USER chain ## DOCKER-USER chain
# Autoriser les logs entrants des serveurs en maintenance # Autoriser les logs entrants des serveurs en maintenance
{% for host in groups.full_maintenance %} {% for host in groups.full_maintenance | default([]) %}
-A DOCKER-USER -s {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -m state --state NEW,ESTABLISHED -j ACCEPT -A DOCKER-USER -s {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -m state --state NEW,ESTABLISHED -j ACCEPT
{% endfor %} {% endfor %}
-A DOCKER-USER -p tcp -m tcp --dport {{ logstash_port }} -j LOGGING -A DOCKER-USER -p tcp -m tcp --dport {{ logstash_port }} -j LOGGING
...@@ -22,29 +22,29 @@ ...@@ -22,29 +22,29 @@
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
# ICMP (Ping) # ICMP (Ping)
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
{% if inventory_hostname in groups.docker_nagios %} {% if inventory_hostname in groups.docker_nagios | default([]) %}
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
{% endif %} {% endif %}
# SSH # SSH
-A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT -A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
{% if inventory_hostname in groups.gitlab %} {% if inventory_hostname in groups.gitlab | default([]) %}
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# REGISTRY # REGISTRY
-A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT -A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT
{% endif %} {% endif %}
# WEB # WEB
{% if inventory_hostname in groups.odoo_server | union(groups.owncloud_server) | union(groups.gitlab) %} {% if inventory_hostname in groups.odoo_server | default([]) | union(groups.owncloud_server | default([])) | union(groups.gitlab | default([])) %}
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
{% endif %} {% endif %}
{% if 'docker_gitlab' in groups and inventory_hostname in groups.docker_nagios %} {% if inventory_hostname in groups.docker_nagios | default([]) %}
-A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
{% endif %} {% endif %}
# NRPE # NRPE
{% for host in groups.docker_nagios %} {% for host in groups.docker_nagios | default([]) %}
-A INPUT -s {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -s {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
{% endfor %} {% endfor %}
{% if inventory_hostname in groups.docker_nagios %} {% if inventory_hostname in groups.docker_nagios | default([]) %}
-A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -s 192.168.239.0/24 -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT
{% endif %} {% endif %}
{% if inventory_hostname == "CGScop" %} {% if inventory_hostname == "CGScop" %}
...@@ -61,7 +61,7 @@ ...@@ -61,7 +61,7 @@
-A OUTPUT -o lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT
# ICMP (Ping) # ICMP (Ping)
-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
{% if inventory_hostname in groups.docker_nagios %} {% if inventory_hostname in groups.docker_nagios | default([]) %}
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
{% endif %} {% endif %}
{% if inventory_hostname == "ICCFinance_Pilotage" %} {% if inventory_hostname == "ICCFinance_Pilotage" %}
...@@ -72,14 +72,14 @@ ...@@ -72,14 +72,14 @@
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
{% endif %} {% endif %}
-A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT -A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
{% for host in groups.gitlab | union(groups.docker_gitlab | default([])) %} {% for host in groups.gitlab | default([]) | union(groups.docker_gitlab | default([])) %}
-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT
{% endfor %} {% endfor %}
# WEB # WEB
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
{% if inventory_hostname in groups.gitlab %} {% if inventory_hostname in groups.gitlab | default([]) %}
# Plesk WebHooks # Plesk WebHooks
-A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT
{% endif %} {% endif %}
...@@ -98,14 +98,14 @@ ...@@ -98,14 +98,14 @@
-A OUTPUT -p udp -m udp --dport 67 -j ACCEPT -A OUTPUT -p udp -m udp --dport 67 -j ACCEPT
# GPG # GPG
-A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT -A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
{% if inventory_hostname in groups.full_maintenance %} {% if inventory_hostname in groups.full_maintenance | default([]) %}
# Log Server # Log Server
{% for host in groups.docker_elk | default([]) %} {% for host in groups.docker_elk | default([]) %}
-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
{% endfor %} {% endfor %}
-A OUTPUT -d {{ logstash_public_ip }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT -A OUTPUT -d {{ logstash_public_ip }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
{% endif %} {% endif %}
{% if inventory_hostname in groups.odoo_server %} {% if inventory_hostname in groups.odoo_server | default([]) %}
# IMAP # IMAP
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
{% endif %} {% endif %}
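Review bot: The condition in front of the `-s 192.168.239.0/24 ... --dport 443` accept rule (just after the WEB block) no longer tests `'docker_gitlab' in groups`; the guard was dropped instead of being made tolerant, so the rule now renders on every docker_nagios host whether or not a docker_gitlab group exists. That widens the INPUT ruleset, which goes beyond what the commit title describes. If the old guard was intentional, keep it as `{% if 'docker_gitlab' in groups and inventory_hostname in groups.docker_nagios | default([]) %}`; if it was a leftover, the commit message should say so. Separately, with `| default([])` on every lookup a misspelled or absent group now renders fewer rules without any error, and for the docker_elk blocks that means no DOCKER-USER restrictions on the logstash port are written at all. A template comment such as `# Missing inventory groups render as empty lists; check group names before deploying` would make that explicit.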
......