From 4e338917dc7175d63bb9f4cb5b16e7063efb5693 Mon Sep 17 00:00:00 2001 From: Ryan Cavicchioni Date: Sun, 14 Apr 2024 17:45:16 -0500 Subject: [PATCH] iptables: open ports for promtail syslog --- roles/firewall/templates/ip6tables.j2 | 3 +++ roles/firewall/templates/iptables.j2 | 2 ++ 2 files changed, 5 insertions(+) diff --git a/roles/firewall/templates/ip6tables.j2 b/roles/firewall/templates/ip6tables.j2 index 8346682..fb3c14b 100644 --- a/roles/firewall/templates/ip6tables.j2 +++ b/roles/firewall/templates/ip6tables.j2 @@ -130,6 +130,9 @@ {% endif %} {% if firewall_ipset_syslog is defined %} -A INPUT -p tcp -m tcp --dport 514 -m set --match-set syslog6 src -m comment --comment "accept syslog 514/tcp6" -j LOG_ACCEPT +-A INPUT -p udp -m udp --dport 514 -m set --match-set syslog6 src -m comment --comment "accept syslog 514/udp6" -j LOG_ACCEPT +-A INPUT -p tcp -m tcp --dport 1514 -m set --match-set syslog6 src -m comment --comment "accept syslog 1514/tcp6" -j LOG_ACCEPT +-A INPUT -p udp -m udp --dport 1514 -m set --match-set syslog6 src -m comment --comment "accept syslog 1514/udp6" -j LOG_ACCEPT {% endif %} {% if firewall_ipset_influxdb is defined %} -A INPUT -p tcp -m tcp --dport 8086 -m set --match-set influxdb6 src -m comment --comment "accept influxdb 8086/tcp6" -j LOG_ACCEPT diff --git a/roles/firewall/templates/iptables.j2 b/roles/firewall/templates/iptables.j2 index 1a67d72..9bf8434 100644 --- a/roles/firewall/templates/iptables.j2 +++ b/roles/firewall/templates/iptables.j2 @@ -117,6 +117,8 @@ {% if firewall_ipset_syslog is defined %} -A INPUT -p tcp -m tcp --dport 514 -m set --match-set syslog4 src -m comment --comment "accept syslog 514/tcp" -j LOG_ACCEPT -A INPUT -p udp -m udp --dport 514 -m set --match-set syslog4 src -m comment --comment "accept syslog 514/udp" -j LOG_ACCEPT +-A INPUT -p tcp -m tcp --dport 1514 -m set --match-set syslog4 src -m comment --comment "accept syslog 1514/tcp" -j LOG_ACCEPT +-A INPUT -p udp -m udp --dport 1514 -m set --match-set syslog4 src -m comment --comment "accept syslog 1514/udp" -j LOG_ACCEPT {% endif %} {% if firewall_ipset_influxdb is defined %} -A INPUT -p tcp -m tcp --dport 8086 -m set --match-set influxdb4 src -m comment --comment "accept influxdb 8086/tcp" -j LOG_ACCEPT