Ansible role for opening ports using iptables rules
Jakub Sokołowski c3be58b7a2
drop iptables firewall configuration
All fleets have already been migrated to NFTables:
https://github.com/status-im/infra-misc/issues/301

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-18 12:57:42 +02:00
defaults drop iptables firewall configuration 2024-10-18 12:57:42 +02:00
handlers drop iptables firewall configuration 2024-10-18 12:57:42 +02:00
meta drop iptables firewall configuration 2024-10-18 12:57:42 +02:00
tasks drop iptables firewall configuration 2024-10-18 12:57:42 +02:00
templates nftables: add support for daddr flag 2024-07-09 01:16:59 +02:00
README.md drop iptables firewall configuration 2024-10-18 12:57:42 +02:00

README.md

Description

This is a small helper role that only opens ports by adding NFTables firewall rules for the services listed in its configuration.

Configuration

For a service running locally use:

open_ports_nftables: true
open_ports_list:
  nginx:
    - { port: 443,  protocol: 'tcp' }
  service-x:
    - { port: 8001, protocol: 'tcp', iif: 'tun0' }
    - { port: 9100, protocol: 'tcp', comment: 'Protocol XYZ' }
    - { port: 9200, protocol: 'tcp', ipset: 'hq.metrics' }
    # It's possible to define raw rules in NFTables format.
    - 'tcp dport {3001, 3002} iif lo accept comment "Raw rule"'
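To make the shape of `open_ports_list` concrete, the following Python script renders the entries above into nftables rule lines. It is an added example written for this README, not the role's own Jinja template under `templates/`, and the mapping it uses (a `port`/`protocol` pair becomes `<proto> dport <port>`, `iif` becomes an interface match, `ipset` becomes a `@set` source-address match, and a hypothetical `daddr` key becomes an `ip daddr` match) is an assumption about how such a role would translate the keys, not something this page documents. It also rejects values that would break the rule syntax (quotes in comments, non-numeric or out-of-range ports, unknown protocols), which is the check a practitioner would want before these strings reach `nft -f`.

```python
"""Render an open_ports_list structure into nftables rule lines.

Added example for this README: a hypothetical renderer, not the role's
templates/ file. The key-to-syntax mapping below is an assumption.
"""
import re

# Constructed sample mirroring the README configuration above.
OPEN_PORTS_LIST = {
    "nginx": [
        {"port": 443, "protocol": "tcp"},
    ],
    "service-x": [
        {"port": 8001, "protocol": "tcp", "iif": "tun0"},
        {"port": 9100, "protocol": "tcp", "comment": "Protocol XYZ"},
        {"port": 9200, "protocol": "tcp", "ipset": "hq.metrics"},
        # Raw rules are passed through verbatim.
        'tcp dport {3001, 3002} iif lo accept comment "Raw rule"',
    ],
}

# Conservative character sets so a config value cannot splice extra
# tokens into the generated rule.
_IDENT_RE = re.compile(r"^[A-Za-z0-9_.-]+$")      # interface and set names
_ADDR_RE = re.compile(r"^[0-9a-fA-F:./]+$")       # IPv4/IPv6 address or CIDR


def render_entry(service, entry):
    """Return one nft rule string for a dict entry or a raw string entry."""
    if isinstance(entry, str):
        return entry  # raw rule, emitted as written

    protocol = entry.get("protocol")
    if protocol not in ("tcp", "udp"):
        raise ValueError(f"{service}: protocol must be tcp or udp, got {protocol!r}")

    port = int(entry["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"{service}: port out of range: {port}")

    parts = []
    if "iif" in entry:
        if not _IDENT_RE.match(entry["iif"]):
            raise ValueError(f"{service}: bad interface name {entry['iif']!r}")
        parts.append(f'iif "{entry["iif"]}"')
    if "ipset" in entry:  # assumed: restrict sources to a named nft set
        if not _IDENT_RE.match(entry["ipset"]):
            raise ValueError(f"{service}: bad set name {entry['ipset']!r}")
        parts.append(f"ip saddr @{entry['ipset']}")
    if "daddr" in entry:  # hypothetical key, see lead-in
        if not _ADDR_RE.match(entry["daddr"]):
            raise ValueError(f"{service}: bad destination address {entry['daddr']!r}")
        parts.append(f"ip daddr {entry['daddr']}")

    parts.append(f"{protocol} dport {port}")
    parts.append("accept")

    # Comment defaults to the service name; quotes would end the string early.
    comment = str(entry.get("comment", service))
    if '"' in comment or "\n" in comment:
        raise ValueError(f"{service}: comment may not contain quotes or newlines")
    parts.append(f'comment "{comment}"')
    return " ".join(parts)


def render_rules(open_ports_list):
    """Flatten the whole structure into an ordered list of rule lines."""
    return [
        render_entry(service, entry)
        for service, entries in open_ports_list.items()
        for entry in entries
    ]


if __name__ == "__main__":
    for line in render_rules(OPEN_PORTS_LIST):
        print(line)
```

Running the script prints one rule per entry, in configuration order, with raw string entries untouched; the validation errors are the kind you would surface at `ansible-playbook` time rather than discovering that `nft -f` rejected a half-applied ruleset.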