Download as
Browse Code »

Commit 923258f9902d59d70a32c903b5c655601907df9c

Authored by Sergio Oliveira
1 parent 279ab334
Exists in master and in 65 other branches 3.x, add_you_are_here_breadcrumbs_label, api_for_colab, backup, backup_not_prod, cdtc_configuration, create_institution_bootstrap_modal, design_validation, dev-lappis, dev_env_minimal, disable_email_dev, docs, fix_edit_software_permission, fix_edit_software_with_another_license, fix_hover_button_whitening, fix_members_pagination, fix_models_translations, fix_software_api, fix_software_block_migration, fix_validations_and_tests, focus_search_field_theme, gov-user-refactoring, gov-user-refactoring-rails4, header_fix, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, lxc, margin_fix, mezuro_cookbook, organization_rating_style_changes, performance, prezento, r3, refactor_software_communities, refactor_software_for_sisp, register_page, release-process, release-process-v2, remove-unused-images, remove_backup_emails, remove_secondary_email_from_user, removing_super_archives_email, review_message, scope2method, signals_community_noosfero, sisp_colab_config, sisp_dev, sisp_dev_master, sisp_improvements, sisp_simple_version, software_as_organization, software_catalog_style_fix, software_catalog_style_fixes, spb_minimal_env, spec_refactor, stable-4.x, stable-devel, support_docs, syslog, temp_soft_comm_refactoring, thread_dropdown, thread_page, update_software_api, update_softwares_boxes

Added firewall template

Showing 2 changed files with 19 additions and 0 deletions   Show diff stats
cookbooks/reverse_proxy/recipes/default.rb
  Diff comments   View file @923258f
  1 +package 'iptables-services'
  2 +
1 3 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do
2 4 owner 'root'
3 5 group 'root'
... ...
cookbooks/reverse_proxy/templates/firewall.erb 0 → 100644
  Diff comments   View file @923258f
... ... @@ -0,0 +1,17 @@
  1 +# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
  2 +*nat
  3 +:PREROUTING ACCEPT [5:493]
  4 +:INPUT ACCEPT [5:493]
  5 +:OUTPUT ACCEPT [2:138]
  6 +:POSTROUTING ACCEPT [2:138]
  7 +-A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
  8 +-A POSTROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['integration'] %>
  9 +COMMIT
  10 +# Completed on Thu Apr 16 20:28:15 2015
  11 +# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
  12 +*filter
  13 +:INPUT ACCEPT [5675:7406907]
  14 +:FORWARD ACCEPT [66:13348]
  15 +:OUTPUT ACCEPT [3901:279969]
  16 +COMMIT
  17 +# Completed on Thu Apr 16 20:28:15 2015
... ...