From 2a9e7a0ffc2bb281c493edee5aea9b1d4d82e060 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20-=20Le=20Filament?= <theo@le-filament.com>
Date: Mon, 12 Jun 2023 15:48:50 +0200
Subject: [PATCH] feat: allow connection to GitLab on IPv6

---
 templates/ip6tables.conf.j2 | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/templates/ip6tables.conf.j2 b/templates/ip6tables.conf.j2
index a608840..75912e4 100644
--- a/templates/ip6tables.conf.j2
+++ b/templates/ip6tables.conf.j2
@@ -14,7 +14,17 @@
 # Autoriser le DHCPv6 sur le lien local uniquement
 -A INPUT -m state --state NEW -m udp -p udp -s fe80::/10 --dport 546 -j ACCEPT
 # SSH
--A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
+{% if inventory_hostname in groups.gitlab | default([]) %}
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# REGISTRY
+-A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endif %}
+# WEB
+{% if inventory_hostname in groups.odoo_server | default([]) | union(groups.owncloud_server | default([])) | union(groups.gitlab | default([])) %}
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
+{% endif %}
 # Log incoming traffic blocked by IPTables
 -A INPUT -j LOGGING
 ## OUTPUT chain
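Review bot: The port-22 ACCEPT added inside the gitlab block is the only new INPUT rule without a comment, and since the sshd rule directly above it was just switched to `{{ default_sshd_port }}` a reader cannot tell whether 22 is still sshd or a GitLab-specific listener; add `# GitLab SSH (in addition to sshd on default_sshd_port)` above it. The `# WEB` header sits outside the `{% if %}` that follows it, unlike `# REGISTRY` which is inside the gitlab block, so hosts in none of the three groups render an orphan `# WEB` line; moving the comment inside the conditional keeps the generated file consistent. None of the new INPUT rules carries a `-s` restriction, so port 5050 is reachable from any IPv6 source on gitlab hosts, which is fine if the registry is published directly on that port but worth confirming if it is only meant to be reached via the reverse proxy on 443.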
@@ -29,6 +39,10 @@
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
+{% if inventory_hostname in groups.gitlab | default([]) %}
+# Plesk WebHooks
+-A OUTPUT -p tcp -m tcp --dport 8443 -j ACCEPT
+{% endif %}
 # DNS
 -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
 -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
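Review bot: The outbound 8443 ACCEPT for gitlab hosts has no `-d` restriction, so the comment `# Plesk WebHooks` promises something narrower than the rule enforces: any IPv6 destination on 8443 is reachable from those hosts. If the Plesk endpoint is a known host, constraining the rule, e.g. `-A OUTPUT -p tcp -m tcp -d {{ plesk_host_ipv6 }} --dport 8443 -j ACCEPT` with `plesk_host_ipv6` a placeholder name for a variable defined in the inventory, keeps the egress policy as tight as the comment suggests. The same applies to the IMAP 993 rule added for odoo_server hosts in the next hunk, where the mail server's address is presumably equally well known. The OUTPUT chain continues outside this hunk.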
@@ -44,6 +58,10 @@
 -A OUTPUT -p udp -m udp -s fe80::/10 --dport 547 -j ACCEPT
 # GPG
 -A OUTPUT -p udp -m udp --dport 11371 -j ACCEPT
+{% if inventory_hostname in groups.odoo_server | default([]) %}
+# IMAP
+-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
+{% endif %}
 # Log outgoing traffic blocked by IPTables
 -A OUTPUT -j LOGGING
 ## LOGGING chain
-- 
GitLab