bundles/nginx: add iptables rules
All checks were successful
bundlewrap/pipeline/head This commit looks good
All checks were successful
bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
88dd587fb4
commit
2d856a1e9a
GPG key ID:
12E3D2136B818350
1 changed files with 23 additions and 0 deletions
|
|
@ -124,3 +124,26 @@ def monitoring(metadata):
|
|||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@metadata_reactor
|
||||
def iptables(metadata):
|
||||
interfaces = metadata.get('nginx/restrict-to-interfaces', set())
|
||||
iptables = []
|
||||
|
||||
if len(interfaces):
|
||||
for iface in sorted(interfaces):
|
||||
iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 80 -j ACCEPT')
|
||||
iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 443 -j ACCEPT')
|
||||
|
||||
else:
|
||||
iptables.append('iptables -A INPUT -p tcp --dport 80 -j ACCEPT')
|
||||
iptables.append('iptables -A INPUT -p tcp --dport 443 -j ACCEPT')
|
||||
|
||||
return {
|
||||
'iptables': {
|
||||
'bundle_rules': {
|
||||
'nginx': iptables,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue