feat: add firewall rules
- create classes for each class of in/out traffic
- use hiera_include to add firewall rules to each role
@@ -1,4 +1,13 @@
|
||||
---
|
||||
hiera_include:
|
||||
- firewall::rules::in::consul
|
||||
- firewall::rules::in::dns
|
||||
- firewall::rules::in::http
|
||||
- firewall::rules::in::https
|
||||
- firewall::rules::in::sshd
|
||||
|
||||
firewall::rules::in::consul::is_server: true
|
||||
|
||||
profiles::consul::server::members_lookup: true
|
||||
profiles::consul::server::data_dir: /data/consul
|
||||
profiles::consul::server::addresses:
|
||||
|
||||
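Review bot: `firewall::rules::in::sshd` is included for this role with no source restriction visible in the hunk, whereas the other file in this commit limits SSH with `ipset: jumphost`. The sshd rule class is not shown here, so whether it accepts the same parameter is an assumption. If it does, consider pinning it explicitly with `firewall::rules::in::sshd::ipset: jumphost`, so that management access to the Consul servers does not depend on the class default.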
@@ -1,6 +1,6 @@
|
||||
---
|
||||
hiera_include:
|
||||
- firewall::rules::in::ssh
|
||||
- firewall::rules::in::sshd
|
||||
- firewall::rules::in::vault
|
||||
|
||||
firewall::rules::in::ssh::ipset: jumphost
|
||||
|
||||
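Review bot: The key `firewall::rules::in::ssh::ipset: jumphost` is still namespaced under `ssh`, while the include list appears to switch to `firewall::rules::in::sshd`. The rendered page has lost its +/- markers, so which of the two entries is new is inferred from the other file, which uses `sshd`. Hiera's automatic parameter lookup binds keys by class name, so a key under `...::ssh` would not reach the `...::sshd` class, and the jumphost restriction would silently fall back to whatever the class defaults to. If the rename is intended, rename the key in the same change: `firewall::rules::in::sshd::ipset: jumphost`.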