Reverse Proxy - The Big Commit

2025-12-24 01:43:11 +01:00 · 2018-10-10 21:24:24 -04:00
parent 2760012741
commit 8a25da1ee9
6 changed files with 107 additions and 38 deletions
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -88,6 +88,15 @@ enable_docker_user_established:

 # Rules if you are a Master
 {% if grains['role'] == 'so-master' %}
+#This should be more granular
+iptables_allow_master_docker:
+  iptables.insert:
+    - table: filter
+    - chain: INPUT
+    - jump: ACCEPT
+    - source: 172.17.0.0/24
+    - position: 1
+    - save: True

 {% for ip in pillar.get('masterfw')  %}
 # Allow Redis
@@ -216,6 +225,17 @@ enable_storagenode_redis_6379_{{ip}}:
    - position: 1
    - save: True

+enable_storagenode_ES_9300_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 9300
+    - position: 1
+    - save: True
+
 {% endfor %}

 # Allow Beats Endpoints to send their beats traffic