Download as
Browse Code »

Commit 1ea699c9c19bbd00bc9dab95f6719a0e1ded6d2c

Authored by Sergio Oliveira
1 parent 9b521d8c
Exists in master and in 66 other branches 3.x, add_you_are_here_breadcrumbs_label, api_for_colab, backup_not_prod, button_suspension_points_remove, cdtc_configuration, create_institution_bootstrap_modal, design_validation, dev-lappis, dev_env_minimal, disable_email_dev, docs, fix_edit_institution, fix_edit_software_with_another_license, fix_list_style_inside_article, fix_members_pagination, fix_models_translations, fix_no_license, fix_software_api, fix_software_block_migration, fix_validations_and_tests, focus_search_field_theme, gov-user-refactoring, gov-user-refactoring-rails4, header_fix, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, lxc, mailinglist_page_title, margin_fix, mezuro_cookbook, organization_rating_style_changes, performance, prezento, r3, refactor_software_communities, refactor_software_for_sisp, register_page, release-process, release-process-v2, remove-unused-images, remove_backup_emails, remove_secondary_email_from_user, removing_super_archives_email, review_message, scope2method, signals_user_noosfero, sisp_colab_config, sisp_dev, sisp_dev_master, sisp_simple_version, software_as_organization, software_catalog_style_fix, software_catalog_style_fixes, spb_minimal_env, spec_refactor, stable-4.x, stable-devel, support_docs, syslog, temp_soft_comm_refactoring, thread_dropdown, thread_page, update_software_api, update_softwares_boxes

Use integration as SSH gateway

Showing 3 changed files with 6 additions and 3 deletions   Show diff stats
cookbooks/firewall/templates/default/iptables.erb
  Diff comments   View file @1ea699c
@@ -18,8 +18,8 @@ @@ -18,8 +18,8 @@
18 18
19 -A INPUT -i lo -j ACCEPT 19 -A INPUT -i lo -j ACCEPT
20 20
21 -# Everybody need to accept SSH from reverseproxy  
22 --A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW --dport 22 -j ACCEPT 21 +# Everybody need to accept SSH from integration
  22 +-A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport 22 -j ACCEPT
23 23
24 <%= node['firewall'] %> 24 <%= node['firewall'] %>
25 <%= render 'iptables-filter.erb' %> 25 <%= render 'iptables-filter.erb' %>
cookbooks/firewall/templates/host-integration/iptables-filter.erb
  Diff comments   View file @1ea699c
1 1
2 # Allow HTTP access 2 # Allow HTTP access
3 -A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT 3 -A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
  4 +
  5 +# Allow SSH connections redirected from integration
  6 +-A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW --dport 22 -j ACCEPT
cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb
  Diff comments   View file @1ea699c
@@ -6,4 +6,4 @@ @@ -6,4 +6,4 @@
6 -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT 6 -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
7 7
8 # Real SSH connection 8 # Real SSH connection
9 --A INPUT -p tcp -m state --state NEW --dport <%= node['config']['alt_ssh_port'] %> -j ACCEPT 9 +-A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport <%= node['config']['alt_ssh_port'] %> -j ACCEPT