From 923258f9902d59d70a32c903b5c655601907df9c Mon Sep 17 00:00:00 2001
From: Sergio Oliveira
Date: Thu, 16 Apr 2015 17:48:29 -0300
Subject: [PATCH] Added firewall template

---
 cookbooks/reverse_proxy/recipes/default.rb | 2 ++
 cookbooks/reverse_proxy/templates/firewall.erb | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 0 deletions(-)
 create mode 100644 cookbooks/reverse_proxy/templates/firewall.erb

diff --git a/cookbooks/reverse_proxy/recipes/default.rb b/cookbooks/reverse_proxy/recipes/default.rb
index 8a10220..666057d 100644
--- a/cookbooks/reverse_proxy/recipes/default.rb
+++ b/cookbooks/reverse_proxy/recipes/default.rb
@@ -1,3 +1,5 @@
+package 'iptables-services'
+
 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do
 owner 'root'
 group 'root'
diff --git a/cookbooks/reverse_proxy/templates/firewall.erb b/cookbooks/reverse_proxy/templates/firewall.erb
new file mode 100644
index 0000000..bdd1bc6
--- /dev/null
+++ b/cookbooks/reverse_proxy/templates/firewall.erb
@@ -0,0 +1,17 @@
+# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
+*nat
+:PREROUTING ACCEPT [5:493]
+:INPUT ACCEPT [5:493]
+:OUTPUT ACCEPT [2:138]
+:POSTROUTING ACCEPT [2:138]
+-A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
+-A POSTROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['integration'] %>
+COMMIT
+# Completed on Thu Apr 16 20:28:15 2015
+# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
+*filter
+:INPUT ACCEPT [5675:7406907]
+:FORWARD ACCEPT [66:13348]
+:OUTPUT ACCEPT [3901:279969]
+COMMIT
+# Completed on Thu Apr 16 20:28:15 2015
--
libgit2 0.21.2
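Review bot: The recipe installs `iptables-services` but, within this hunk, nothing renders the `firewall.erb` template added by the same commit or manages the `iptables` service, so the new ruleset would not be applied by a converge; the rest of `default.rb` is outside the hunk, so this may be handled further down. If it is not, a `template` resource for the ruleset (on systems using iptables-services that is `/etc/sysconfig/iptables`) with `notifies :restart, 'service[iptables]'` and a `service 'iptables'` resource with `action [:enable, :start]` would close the loop. A short comment above the package line, `# iptables-services provides the iptables service unit and the iptables-restore boot hook used by firewall.erb`, would also tell the next reader why the package is needed.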
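Review bot: The POSTROUTING rule matches `-d <%= node['peers']['reverseproxy'] %>/32`, but after the PREROUTING DNAT the forwarded packet's destination is already the integration address, so as written the SNAT appears never to apply to the port-22 traffic it is meant to cover; if the intent is for the integration host to reply via this proxy, the rule would read `-A POSTROUTING -d <%= node['peers']['integration'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['reverseproxy'] %>`. Separately, loading this file with iptables-restore replaces the filter table with empty INPUT/FORWARD/OUTPUT chains at policy ACCEPT, so any host filtering previously in place is dropped and the DNAT to port 22 is reachable from every source; restricting the PREROUTING rule with `-s` or adding explicit FORWARD rules before COMMIT would keep the exposure intentional rather than implicit. DNAT forwarding also depends on `net.ipv4.ip_forward` being enabled, which this commit does not show. The `[5:493]`-style counters and the iptables-save timestamps are harmless but stale; dropping them makes the template read as authored rather than dumped.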