Download as
Browse Code »

Commit 1ea699c9c19bbd00bc9dab95f6719a0e1ded6d2c

Authored by Sergio Oliveira
1 parent 9b521d8c
Exists in master and in 36 other branches add_super_archives_plugin, automates_core_packing, changes_in_buttons_on_content_panel, colab_fix_automatic_group_creation_bug, gitlab-8.x, gov-user-refactoring, gov-user-refactoring-rails4, gov-user-to-organization, high_contrast, high_contrast_style, institution_modal_on_rating, kalibro-conf-refactoring, kalibro-processor-package, mezuro_spb, packaging_colab_plugins, performance, refactor_software_communities, refactor_software_communities_rails4, refactor_software_for_sisp, refactor_software_info_to_software, register_page, remove-unused-images, removing_super_archives_email, restore, signals_user_noosfero, software_as_organization, spb_minimal_env, stable-4.1, stable-4.2, stable-4.x, stable-5.0, stable-5.1, stable-devel, temp_soft_comm_refactoring, theme_header, thread_page

Use integration as SSH gateway

Showing 3 changed files with 6 additions and 3 deletions   Show diff stats
cookbooks/firewall/templates/default/iptables.erb
  Diff comments   View file @1ea699c
... ... @@ -18,8 +18,8 @@
18 18  
19 19 -A INPUT -i lo -j ACCEPT
20 20  
21   -# Everybody need to accept SSH from reverseproxy
22   --A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW --dport 22 -j ACCEPT
  21 +# Everybody need to accept SSH from integration
  22 +-A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport 22 -j ACCEPT
23 23  
24 24 <%= node['firewall'] %>
25 25 <%= render 'iptables-filter.erb' %>
... ...
cookbooks/firewall/templates/host-integration/iptables-filter.erb
  Diff comments   View file @1ea699c
1 1  
2 2 # Allow HTTP access
3 3 -A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
  4 +
  5 +# Allow SSH connections redirected from integration
  6 +-A INPUT -s <%= node['peers']['reverseproxy'] %> -p tcp -m state --state NEW --dport 22 -j ACCEPT
... ...
cookbooks/firewall/templates/host-reverseproxy/iptables-filter.erb
  Diff comments   View file @1ea699c
... ... @@ -6,4 +6,4 @@
6 6 -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
7 7  
8 8 # Real SSH connection
9   --A INPUT -p tcp -m state --state NEW --dport <%= node['config']['alt_ssh_port'] %> -j ACCEPT
  9 +-A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport <%= node['config']['alt_ssh_port'] %> -j ACCEPT
... ...