From 2a9e7a0ffc2bb281c493edee5aea9b1d4d82e060 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20-=20Le=20Filament?= <theo@le-filament.com>
Date: Mon, 12 Jun 2023 15:48:50 +0200
Subject: [PATCH] feat: allow connection to GitLab on IPv6

---
 templates/ip6tables.conf.j2 | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/templates/ip6tables.conf.j2 b/templates/ip6tables.conf.j2
index a608840..75912e4 100644
--- a/templates/ip6tables.conf.j2
+++ b/templates/ip6tables.conf.j2
@@ -14,7 +14,17 @@
 # Autoriser le DHCPv6 sur le lien local uniquement
 -A INPUT -m state --state NEW -m udp -p udp -s fe80::/10 --dport 546 -j ACCEPT
 # SSH
--A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
+{% if inventory_hostname in groups.gitlab | default([]) %}
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# REGISTRY
+-A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endif %}
+# WEB
+{% if inventory_hostname in groups.odoo_server | default([]) | union(groups.owncloud_server | default([])) | union(groups.gitlab | default([])) %}
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
+{% endif %}
 # Log incoming traffic blocked by IPTables
 -A INPUT -j LOGGING
 ## OUTPUT chain
@@ -29,6 +39,10 @@
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
+{% if inventory_hostname in groups.gitlab | default([]) %}
+# Plesk WebHooks
+-A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT
+{% endif %}
 # DNS
 -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
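Review bot: The gitlab block in the first hunk accepts port 22 right after the `{{ default_sshd_port }}` rule, and nothing in the template says why two SSH-class ports are open on these hosts; a reader may take the 22 line for a leftover of the old hard-coded 2222. Presumably 22 is the git-over-SSH endpoint served by GitLab while the host sshd stays on `default_sshd_port` — if so, record it: `# GitLab git-over-SSH on 22 (host sshd listens on default_sshd_port)`. The `# REGISTRY` rule likewise opens 5050 to any IPv6 source; a one-line comment stating that the container registry is meant to be reachable directly rather than only through 443 would make clear the exposure is intended and reviewed. Note that rendering now aborts when `default_sshd_port` is undefined, which is a behavioural change from the previous literal and is worth a mention in the role's variable documentation.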
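Review bot: The `# Plesk WebHooks` rule in the second hunk allows outbound 8443 to any IPv6 destination, whereas the purpose named in the comment is a single peer, so the rule also serves as a generic 8443 egress allow for gitlab hosts. If the Plesk endpoint is known to the inventory, a destination match keeps the rule to its stated purpose, e.g. `-A OUTPUT -p tcp -m tcp -d {{ plesk_webhook_host }} --dport 8443 -j ACCEPT`, where `plesk_webhook_host` is a placeholder for whatever variable holds that address. If the destination is deliberately left open, say so in the comment so the next reader does not tighten it by mistake.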
@@ -44,6 +58,10 @@
 -A OUTPUT -p udp -m udp -s fe80::/10 --dport 547 -j ACCEPT
 # GPG
 -A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
+{% if inventory_hostname in groups.odoo_server | default([]) %}
+# IMAP
+-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
+{% endif %}
 # Log outgoing traffic blocked by IPTables
 -A OUTPUT -j LOGGING
 ## LOGGING chain
-- 
GitLab
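Review bot: The IMAP egress (993) added for odoo_server hosts in this hunk is not covered by the commit subject, which speaks only of GitLab on IPv6; the description should list it so the change to the Odoo hosts' egress policy is discoverable from history. The bare `# IMAP` comment could also name the consumer, presumably Odoo's incoming-mail fetching, e.g. `# IMAP (Odoo incoming mail fetch)` — marked as a presumption here since the consumer is not visible in the template. As with the web rules above, the destination is unrestricted, which is reasonable for a mail provider reached by name but worth stating in the comment.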