Download as
Browse Code »

Commit db1fb8641bdc4572226e6dc5a10a72232a969849

Authored by Sergio Oliveira
1 parent c024c365
Exists in master and in 67 other branches 3.x, add_you_are_here_breadcrumbs_label, api_for_colab, backup, backup_not_prod, button_suspension_points_remove, cdtc_configuration, create_institution_bootstrap_modal, design_validation, dev-lappis, dev_env_minimal, disable_email_dev, docs, fix_edit_institution, fix_edit_software_with_another_license, fix_list_style_inside_article, fix_members_pagination, fix_models_translations, fix_no_license, fix_software_api, fix_software_block_migration, fix_validations_and_tests, focus_search_field_theme, gov-user-refactoring, gov-user-refactoring-rails4, header_fix, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, lxc, mailinglist_page_title, margin_fix, mezuro_cookbook, organization_rating_style_changes, performance, prezento, r3, refactor_software_communities, refactor_software_for_sisp, register_page, release-process, release-process-v2, remove-unused-images, remove_backup_emails, remove_secondary_email_from_user, removing_super_archives_email, review_message, scope2method, signals_user_noosfero, sisp_colab_config, sisp_dev, sisp_dev_master, sisp_simple_version, software_as_organization, software_catalog_style_fix, software_catalog_style_fixes, spb_minimal_env, spec_refactor, stable-4.x, stable-devel, support_docs, syslog, temp_soft_comm_refactoring, thread_dropdown, thread_page, update_software_api, update_softwares_boxes

Install iptables rules

Showing 3 changed files with 29 additions and 17 deletions   Show diff stats
cookbooks/reverse_proxy/recipes/default.rb
  Diff comments   View file @db1fb86
1 package 'iptables-services' 1 package 'iptables-services'
2 2
  3 +service 'iptables' do
  4 + action :enable
  5 + supports :restart => true
  6 +end
  7 +
  8 +template '/etc/sysconfig/iptables' do
  9 + owner 'root'
  10 + group 'root'
  11 + mode 0644
  12 + notifies :restart, 'service[iptables]'
  13 +end
  14 +
3 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do 15 cookbook_file "/etc/nginx/#{node['config']['external_hostname']}.crt" do
4 owner 'root' 16 owner 'root'
5 group 'root' 17 group 'root'
cookbooks/reverse_proxy/templates/firewall.erb
View file @c024c36
@@ -1,17 +0,0 @@ @@ -1,17 +0,0 @@
1 -# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015  
2 -*nat  
3 -:PREROUTING ACCEPT [5:493]  
4 -:INPUT ACCEPT [5:493]  
5 -:OUTPUT ACCEPT [2:138]  
6 -:POSTROUTING ACCEPT [2:138]  
7 --A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22  
8 --A POSTROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['integration'] %>  
9 -COMMIT  
10 -# Completed on Thu Apr 16 20:28:15 2015  
11 -# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015  
12 -*filter  
13 -:INPUT ACCEPT [5675:7406907]  
14 -:FORWARD ACCEPT [66:13348]  
15 -:OUTPUT ACCEPT [3901:279969]  
16 -COMMIT  
17 -# Completed on Thu Apr 16 20:28:15 2015  
cookbooks/reverse_proxy/templates/iptables.erb 0 → 100644
  Diff comments   View file @db1fb86
@@ -0,0 +1,17 @@ @@ -0,0 +1,17 @@
  1 +# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
  2 +*nat
  3 +:PREROUTING ACCEPT [5:493]
  4 +:INPUT ACCEPT [5:493]
  5 +:OUTPUT ACCEPT [2:138]
  6 +:POSTROUTING ACCEPT [2:138]
  7 +-A PREROUTING -d <%= node['peers']['reverseproxy'] %>/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination <%= node['peers']['integration'] %>:22
  8 +-A POSTROUTING -d <%= node['peers']['integration'] %>/32 -p tcp -m tcp --dport 22 -j SNAT --to-source <%= node['peers']['reverseproxy'] %>
  9 +COMMIT
  10 +# Completed on Thu Apr 16 20:28:15 2015
  11 +# Generated by iptables-save v1.4.21 on Thu Apr 16 20:28:15 2015
  12 +*filter
  13 +:INPUT ACCEPT [5675:7406907]
  14 +:FORWARD ACCEPT [66:13348]
  15 +:OUTPUT ACCEPT [3901:279969]
  16 +COMMIT
  17 +# Completed on Thu Apr 16 20:28:15 2015