From 61d009f18d5886db8b22ae41e04bb41a4ba2fddb Mon Sep 17 00:00:00 2001
From: Quentin
Date: Sat, 1 Jun 2019 16:02:49 +0200
Subject: Initial commit
---
ansible/roles/network/templates/rules.v4.j2 | 72 +++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
create mode 100644 ansible/roles/network/templates/rules.v4.j2
(limited to 'ansible/roles/network/templates/rules.v4.j2')
diff --git a/ansible/roles/network/templates/rules.v4.j2 b/ansible/roles/network/templates/rules.v4.j2
new file mode 100644
index 0000000..a77852f
--- /dev/null
+++ b/ansible/roles/network/templates/rules.v4.j2
@@ -0,0 +1,72 @@
+
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# DNS
+-A INPUT -p udp --dport 53 -j ACCEPT
+-A INPUT -p tcp --dport 53 -j ACCEPT
+
+# Email
+-A INPUT -p tcp --dport 993 -j ACCEPT
+-A INPUT -p tcp --dport 25 -j ACCEPT
+-A INPUT -p tcp --dport 465 -j ACCEPT
+-A INPUT -p tcp --dport 587 -j ACCEPT
+
+# Old SSH configuration
+-A INPUT -p tcp --dport 110 -j ACCEPT
+
+# New SSH configuration
+-A INPUT -p tcp --dport 22 -j ACCEPT
+
+# LDAP
+-A INPUT -p tcp --dport 389 -j ACCEPT
+
+# Web
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+
+# Coturn
+-A INPUT -p tcp --dport 3478 -j ACCEPT
+-A INPUT -p udp --dport 3478 -j ACCEPT
+-A INPUT -p tcp --dport 3479 -j ACCEPT
+-A INPUT -p udp --dport 3479 -j ACCEPT
+
+# Cluster
+{% for selected_host in groups['cluster_nodes'] %}
+-A INPUT -s {{ hostvars[selected_host]['public_ip'] }} -j ACCEPT
+-A INPUT -s {{ hostvars[selected_host]['private_ip'] }} -j ACCEPT
+{% endfor %}
+
+# Rennes
+-A INPUT -s 82.253.205.190 -j ACCEPT
+
+-A INPUT -i docker0 -j ACCEPT
+
+-A INPUT -s 127.0.0.1/8 -j ACCEPT
+
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+COMMIT
+
+
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+
+COMMIT
+
+
+*mangle
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+
+COMMIT
+
+
-- cgit v1.2.3
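Review bot: The loopback rule `-A INPUT -s 127.0.0.1/8 -j ACCEPT` matches on source address rather than on interface, so it would also accept a packet arriving on a real interface with a spoofed 127/8 source if the kernel's martian filtering is disabled; the conventional form is `-A INPUT -i lo -j ACCEPT`. The `# LDAP` rule accepts TCP 389 from any source with no `-s` restriction, exposing plaintext LDAP (and anonymous or simple binds, if the directory permits them) to the Internet — the per-node `-s … -j ACCEPT` rules under `# Cluster` already admit every port from the cluster hosts, so if only they need LDAP the 389 rule can be dropped, otherwise restrict it to known sources or move to LDAPS on 636. The `# Old SSH configuration` rule opens TCP 110, which is the POP3 port: if sshd no longer listens there the rule is stale and should be removed, and if it is really POP3 the comment should say so, since that is a cleartext protocol. The diffstat shows only rules.v4.j2, so if these hosts have public IPv6 addresses ip6tables is left at its default ACCEPT policy — confirm a matching rules.v6.j2 exists. Minor: the `ESTABLISHED,RELATED` rule is evaluated last, after every port rule; placing it first, preceded by `-A INPUT -m conntrack --ctstate INVALID -j DROP`, is the usual order.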