bundles/nginx: add iptables rules
All checks were successful
bundlewrap/pipeline/head This commit looks good
All checks were successful
bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
88dd587fb4
commit
2d856a1e9a
GPG key ID:
12E3D2136B818350
1 changed files with 23 additions and 0 deletions
|
|
@ -124,3 +124,26 @@ def monitoring(metadata):
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@metadata_reactor
|
||||||
|
def iptables(metadata):
|
||||||
|
interfaces = metadata.get('nginx/restrict-to-interfaces', set())
|
||||||
|
iptables = []
|
||||||
|
|
||||||
|
if len(interfaces):
|
||||||
|
for iface in sorted(interfaces):
|
||||||
|
iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 80 -j ACCEPT')
|
||||||
|
iptables.append(f'iptables -A INPUT -i {iface} -p tcp --dport 443 -j ACCEPT')
|
||||||
|
|
||||||
|
else:
|
||||||
|
iptables.append('iptables -A INPUT -p tcp --dport 80 -j ACCEPT')
|
||||||
|
iptables.append('iptables -A INPUT -p tcp --dport 443 -j ACCEPT')
|
||||||
|
|
||||||
|
return {
|
||||||
|
'iptables': {
|
||||||
|
'bundle_rules': {
|
||||||
|
'nginx': iptables,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue