authorNiklas Yann Wettengel <niyawe@niyawe.de>2018-03-07 19:50:28 +0100
committerNiklas Yann Wettengel <niyawe@niyawe.de>2018-03-07 19:50:28 +0100
commit4523a78c97519527ba92fb1ea4276f081e7c6629 (patch)
treeb5e68bf4a0a3bcd783a364c9491a5ae74fef8f1a /roles/configure_iptables
parentde66f3d823165844e7a97be6adfe24131e178e73 (diff)
add munin monitoring
Diffstat (limited to 'roles/configure_iptables')
-rw-r--r--roles/configure_iptables/templates/ip6tables.rules10
-rw-r--r--roles/configure_iptables/templates/iptables.rules8
2 files changed, 10 insertions, 8 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 5bb058c..5667a83 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -31,13 +31,15 @@ COMMIT
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
+# munin
+-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
{% if 'fastd' in group_names %}
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-# nginx
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
@@ -85,8 +87,8 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
-iptables -A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-iptables -A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT
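Review bot: The munin rule added at line 27 accepts TCP 4949 from any IPv6 source, with no `-s` restriction to the munin master; munin-node carries its own `allow` list, but a source filter at the firewall is the cheaper first check, e.g. `-A INPUT -s <MUNIN_MASTER_IPV6>/128 -p tcp -m tcp --dport 4949 -j ACCEPT` (address is a placeholder to be filled from the inventory). The iptables.rules section of this same commit adds the nginx rule but no matching 4949 rule, so the node would be reachable by munin over IPv6 only — worth confirming that is intended rather than an omission. Lifting the nginx rule above the `{% if 'fastd' in group_names %}` block also opens port 80 on every host that renders this template, not just fastd members, which the commit message does not mention; a one-line comment such as `# nginx (all hosts, not only fastd)` above line 25 would make that deliberate.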
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 3c750f9..c568e4e 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -31,6 +31,8 @@ COMMIT
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# nginx
+-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
{% if 'fastd' in group_names %}
# dns
@@ -40,8 +42,6 @@ COMMIT
{% for site in sites %}
-I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
{% endfor %}
-# nginx
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
@@ -71,8 +71,8 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
-iptables -A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-iptables -A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}