feat: iptables restriction in internal network

2025-12-10 01:18:33 +01:00 · 2023-07-04 20:09:19 +00:00
parent 2fa76b1e0f
commit 5824fd5778
6 changed files with 96 additions and 0 deletions
--- a/group_vars/monitoring.yaml
+++ b/group_vars/monitoring.yaml
@@ -1 +1,5 @@
 monitoring_master: true
+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 8086, "comment" : "influx" }
+    - { "protocol" : "tcp", "port" : 514, "comment" : "rsyslog" }
+    - { "protocol" : "tcp", "port" : 5668, "comment" : "nsca-ng" }
--- a/group_vars/usermanagement.yaml
+++ b/group_vars/usermanagement.yaml
@@ -7,5 +7,8 @@ ldap_bind_dn: "cn=Manager,dc=atlantishq,dc=de"
 ldap_user_dn: "ou=People,dc=atlantishq,dc=de"
 ldap_connection_url: ldap://192.168.122.112

+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 389, "comment" : "ldap" }
+
 extra_sheppy_pubkeys: |
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaABPy9h009vUQj+gewvhIO9kDpUBkkW5dGz6HsDxp6FLeZ0KOMTPZyRkwPHkC3Jee8vkTl2fFi7wjXhkWSpPe7H/RFdn6nHf5RSvM4aEwhkjD7E1lvf9lLRUXnISeFXFOdD3hpRXqT5yVP9O1S3Rk3b+i9HPlcw1vDmFHS5mZ+rXmxQSyHD8uuyCEL1Ri5IOz9XxycaJ/MHX2XaHWU+xgrQ2uvWrvhnibB3bhtf94GrHJQXRfjUc4nF3SG3937Fkdit5LozuDE3/mLoNN6PwXz13Z2acClpjiyOZQxpa2+TpwE5i2rWoZwsXv//yzohHbA30+qYSxJYQrYZ1XRyOSPFWSp3wwcuj8yMMqMJT2e75ZyWaHuoYuindOFW4VMR7pFppssnnbdLHvJGe5PZMSDxlyhUtkAK4p1nf2nEng3VjCBcn6UWK1po5DQmcLwkd0cQbWTLxHjH4sAtfyp7A8jsGLXrhWraMOOoU0JVkamZrq2BuSyaC5S7+KdvGCg3U= backupvm
--- a/group_vars/web1.yaml
+++ b/group_vars/web1.yaml
@@ -0,0 +1,2 @@
+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 5004, "comment" : "signal-gateway" }
--- a/group_vars/zabbix.yaml
+++ b/group_vars/zabbix.yaml
@@ -0,0 +1,2 @@
+extra_internal_iptables_ports_allow:
+    - { "protocol" : "tcp", "port" : 10051, "comment" : "zabbix-server" }