From 88451a1ef0099c4e69745e5c110dd973626b8645 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Thu, 3 Jun 2021 06:47:28 +0200
Subject: [PATCH] Add logstash public IP rule

---
 README.md                  | 1 +
 defaults/main.yml          | 1 +
 templates/iptables.conf.j2 | 1 +
 3 files changed, 3 insertions(+)

diff --git a/README.md b/README.md
index b822536..3037de4 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Other variables that are used in this role (with default values in defaults/main
 * dockremap_subuid : first subuid used for user namespace remap for Docker (defaults to 165536) - should be retrieved by docker_server role in host_vars
 * dockremap_subgid : first subgid used for user namespace remap for Docker (defaults to 165536) - should be retrieved by docker_server role in host_vars
 * logstash_port : port on which logstash server is listening for log collection (defaults to 5044)
+* logstash_public_ip : logstash public ip address for log collection (defaults to 127.0.0.1)
 * private_pull : whether a scheduled pulling of files via SFTP is to be performed on server (defaults to false)
 
 
diff --git a/defaults/main.yml b/defaults/main.yml
index 7c814f4..faa0c32 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,4 +6,5 @@ docker_userns_remap: true
 dockremap_subuid: 165536
 dockremap_subgid: 165536
 logstash_port: 5044
+logstash_public_ip: "127.0.0.1"
 private_pull: false
diff --git a/templates/iptables.conf.j2 b/templates/iptables.conf.j2
index 35e5c74..28f407f 100644
--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -95,6 +95,7 @@
 {% for host in groups.docker_elk %}
 -A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endfor %}
+-A OUTPUT -d {{ logstash_public_ip }} -p tcp -m tcp --dport {{ logstash_port }} -j ACCEPT
 {% endif %}
 {% if inventory_hostname in groups.odoo_server %}
 # IMAP
-- 
GitLab