Download as
Browse Code »

Commit db1fb8641bdc4572226e6dc5a10a72232a969849

Authored by Sergio Oliveira
1 parent c024c365
Exists in master and in 65 other branches 3.x, add_you_are_here_breadcrumbs_label, api_for_colab, backup, backup_not_prod, cdtc_configuration, create_institution_bootstrap_modal, design_validation, dev-lappis, dev_env_minimal, disable_email_dev, docs, fix_edit_software_permission, fix_edit_software_with_another_license, fix_hover_button_whitening, fix_members_pagination, fix_models_translations, fix_software_api, fix_software_block_migration, fix_validations_and_tests, focus_search_field_theme, gov-user-refactoring, gov-user-refactoring-rails4, header_fix, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, lxc, margin_fix, mezuro_cookbook, organization_rating_style_changes, performance, prezento, r3, refactor_software_communities, refactor_software_for_sisp, register_page, release-process, release-process-v2, remove-unused-images, remove_backup_emails, remove_secondary_email_from_user, removing_super_archives_email, review_message, scope2method, signals_community_noosfero, sisp_colab_config, sisp_dev, sisp_dev_master, sisp_improvements, sisp_simple_version, software_as_organization, software_catalog_style_fix, software_catalog_style_fixes, spb_minimal_env, spec_refactor, stable-4.x, stable-devel, support_docs, syslog, temp_soft_comm_refactoring, thread_dropdown, thread_page, update_software_api, update_softwares_boxes

Install iptables rules

Showing 3 changed files with 29 additions and 17 deletions   Show diff stats
cookbooks/reverse_proxy/recipes/default.rb
  Diff comments   View file @db1fb86
1 1 package 'iptables-services'
2 2  
  3 +service 'iptables' do
  4 + action :enable
  5 + supports :restart => true
  6 +end
  7 +
  8 +template '/etc/sysconfig/iptables' do
  9 + owner 'root'
  10 + group 'root'
  11 + mode 0644
  12 + notifies :restart, 'service[iptables]'
  13 +end
  14 +
3 15 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do
4 16 owner 'root'
5 17 group 'root'
... ...
cookbooks/reverse_proxy/templates/firewall.erb
View file @c024c36
... ... @@ -1,17 +0,0 @@
1   -# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
2   -*nat
3   -:PREROUTING ACCEPT [5:493]
4   -:INPUT ACCEPT [5:493]
5   -:OUTPUT ACCEPT [2:138]
6   -:POSTROUTING ACCEPT [2:138]
7   --A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
8   --A POSTROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['integration'] %>
9   -COMMIT
10   -# Completed on Thu Apr 16 20:28:15 2015
11   -# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
12   -*filter
13   -:INPUT ACCEPT [5675:7406907]
14   -:FORWARD ACCEPT [66:13348]
15   -:OUTPUT ACCEPT [3901:279969]
16   -COMMIT
17   -# Completed on Thu Apr 16 20:28:15 2015
cookbooks/reverse_proxy/templates/iptables.erb 0 → 100644
  Diff comments   View file @db1fb86
... ... @@ -0,0 +1,17 @@
  1 +# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
  2 +*nat
  3 +:PREROUTING ACCEPT [5:493]
  4 +:INPUT ACCEPT [5:493]
  5 +:OUTPUT ACCEPT [2:138]
  6 +:POSTROUTING ACCEPT [2:138]
  7 +-A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
  8 +-A POSTROUTING -d <%= node['peers']['integration'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['reverseproxy'] %>
  9 +COMMIT
  10 +# Completed on Thu Apr 16 20:28:15 2015
  11 +# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
  12 +*filter
  13 +:INPUT ACCEPT [5675:7406907]
  14 +:FORWARD ACCEPT [66:13348]
  15 +:OUTPUT ACCEPT [3901:279969]
  16 +COMMIT
  17 +# Completed on Thu Apr 16 20:28:15 2015
... ...