ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

teleport firewall rules

Browse Source
This commit is contained in:
Ryan Cavicchioni 2020-09-20 22:35:20 -05:00
parent 036cdd6e57
commit 9e0ada65f2
Signed by: ryanc
GPG Key ID: 877EEDAF9245103D
2 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
roles/firewall/templates/ip6tables.j2
View File

@ -133,6 +133,20 @@
{% endfor %}
{% endif %}
{% if firewall_teleport_node_enabled | default(false) %}
-A INPUT -p tcp -m tcp --dport 3022 -m state --state NEW -m comment --comment "accept 3022/tcp" -j ACCEPT
{% endif %}
{% if firewall_teleport_proxy_enabled | default(false) %}
-A INPUT -p tcp -m tcp --dport 3023 -m state --state NEW -m comment --comment "accept 3023/tcp" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3024 -m state --state NEW -m comment --comment "accept 3024/tcp" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3080 -m state --state NEW -m comment --comment "accept 3080/tcp" -j ACCEPT
{% endif %}
{% if firewall_teleport_auth_enabled | default(false) %}
-A INPUT -p tcp -m tcp --dport 3025 -m state --state NEW -m comment --comment "accept 3025/tcp" -j ACCEPT
{% endif %}
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "accept related/established inet6" -j ACCEPT
-A INPUT -m comment --comment "default drop inet6" -j LOG_DROP

14
roles/firewall/templates/iptables.j2
View File

@ -119,6 +119,20 @@
{% endfor %}
{% endif %}
{% if firewall_teleport_node_enabled | default(false) %}
-A INPUT -p tcp -m tcp --dport 3022 -m state --state NEW -m comment --comment "accept 3022/tcp" -j ACCEPT
{% endif %}
{% if firewall_teleport_proxy_enabled | default(false) %}
-A INPUT -p tcp -m tcp --dport 3023 -m state --state NEW -m comment --comment "accept 3023/tcp" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3024 -m state --state NEW -m comment --comment "accept 3024/tcp" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3080 -m state --state NEW -m comment --comment "accept 3080/tcp" -j ACCEPT
{% endif %}
{% if firewall_teleport_auth_enabled | default(false) %}
-A INPUT -p tcp -m tcp --dport 3025 -m state --state NEW -m comment --comment "accept 3025/tcp" -j ACCEPT
{% endif %}
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "accept related/established" -j ACCEPT
-A INPUT -m comment --comment "default drop" -j LOG_DROP