Firewall Module - Add Firewall rules specific to masters

2025-12-06 17:22:49 +01:00 · 2018-09-21 08:57:35 -04:00
parent 27579a6150
commit cc5536a511
2 changed files with 17 additions and 1 deletions
--- a/pillar/firewall/masterfw.sls
+++ b/pillar/firewall/masterfw.sls
@@ -1 +1,2 @@
-#masterfw.sls
+masterfw:
+  - 127.0.0.1
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -101,6 +101,21 @@ enable_docker_user_established:
 # Rules if you are a Master
 {% if grains['role'] == 'so-master' %}

+{% for ip in pillar.get('masterfw')  %}
+# Allow Redis
+enable_maternode_redis_6379_{{ip}}:
+  iptables.insert:
+    - table: filter
+    - chain: DOCKER-USER
+    - jump: ACCEPT
+    - proto: tcp
+    - source: {{ ip }}
+    - dport: 6379
+    - position: 1
+    - save: True
+
+{% endfor %}
+
 # Make it so all the minions can talk to salt and update etc.
 {% for ip in pillar.get('minions')  %}