- create classes for each class of in/out traffic - use hier_include to add firewall rules to each role
class firewall::rules::in::consul (
|
|
Boolean $is_server = false,
|
|
) {
|
|
|
|
# serf traffic (lan and wan)
|
|
nftables::rule { 'default_in-consul_udp_8301':
|
|
content => 'udp dport 8301 accept',
|
|
}
|
|
nftables::rule { 'default_in-consul_tcp_8301':
|
|
content => 'tcp dport 8301 accept',
|
|
}
|
|
nftables::rule { 'default_in-consul_udp_8302':
|
|
content => 'udp dport 8302 accept',
|
|
}
|
|
nftables::rule { 'default_in-consul_tcp_8302':
|
|
content => 'tcp dport 8302 accept',
|
|
}
|
|
|
|
if $is_server {
|
|
# dns interface
|
|
nftables::rule { 'default_in-consul_udp_8600':
|
|
content => 'udp dport 8600 accept',
|
|
}
|
|
nftables::rule { 'default_in-consul_tcp_8600':
|
|
content => 'tcp dport 8600 accept',
|
|
}
|
|
|
|
# communication with servers
|
|
nftables::rule { 'default_in-consul_tcp_8300':
|
|
content => 'tcp dport 8300 accept',
|
|
}
|
|
nftables::rule { 'default_in-consul_tcp_8500':
|
|
content => 'tcp dport 8500 accept',
|
|
}
|
|
nftables::rule { 'default_in-consul_tcp_8503':
|
|
content => 'tcp dport 8503 accept',
|
|
}
|
|
}
|
|
}
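Review bot: Every accept rule in this class matches on destination port only, so the server-side ports under `if $is_server` (8300 RPC, 8500/8503 API) are opened to any source that reaches the chain, not just cluster members; the class should take something like an `Array[String] $allowed_sources` parameter and prefix each rule with a source match (`ip saddr { … }`, and `ip6 saddr` where the hosts are dual-stack), or at least carry a comment explaining why an unrestricted accept is acceptable. The comment `# communication with servers` above the 8300 rule is misleading for 8500 and 8503, which by default are the agent's HTTP and gRPC(TLS) API ports rather than server-to-server traffic; I would split it into `# server RPC` for 8300 and `# HTTP / gRPC API` for 8500 and 8503. Consul's DNS interface on 8600 is served by every agent, not only servers, so gating it behind `$is_server` is only right if client agents answer DNS on loopback alone — worth a comment either way. The four serf rules differ only in protocol and port and could be generated with `each`, which also keeps the resource titles and rule contents in lockstep; the same applies to the three TCP-only server rules.
```puppet
class firewall::rules::in::consul (
  Boolean $is_server = false,
) {
  # serf gossip: 8301 (LAN) and 8302 (WAN), both UDP and TCP
  [8301, 8302].each |$port| {
    ['udp', 'tcp'].each |$proto| {
      nftables::rule { "default_in-consul_${proto}_${port}":
        content => "${proto} dport ${port} accept",
      }
    }
  }
  # … unchanged: server-only rules under if $is_server …
}
```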
|