Diffstat (limited to 'roles/vm/network/templates/firewall.sh_public.j2')
-rw-r--r-- | roles/vm/network/templates/firewall.sh_public.j2 | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/roles/vm/network/templates/firewall.sh_public.j2 b/roles/vm/network/templates/firewall.sh_public.j2
deleted file mode 100644
index df5b1373..00000000
--- a/roles/vm/network/templates/firewall.sh_public.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-PUBLIC_IPS="{% if item == 4 %}{{ srv_network_public_firewall_ipv4 | join(' ') }}{% else %}{{ srv_network_public_firewall_ipv6 | join(' ') }}{% endif %}"
-PUBLIC_IF="$2"
-TCP_PORTS="{{ srv_network.public.firewall.tcp_ports | default([]) | join(' ') }}"
-UDP_PORTS="{{ srv_network.public.firewall.udp_ports | default([]) | join(' ') }}"
-
-#####
-IPTABLES="/sbin/ip{% if item == 6 %}6{% endif %}tables"
-ICMP="icmp{% if item == 6 %}v6{% endif %}"
-
-case "$1" in
-start)
-$IPTABLES -A INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
-$IPTABLES -A INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
-for port in $TCP_PORTS; do
-for ip in $PUBLIC_IPS; do
-$IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
-done
-done
-for port in $UDP_PORTS; do
-for ip in $PUBLIC_IPS; do
-$IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
-done
-done
-$IPTABLES -A INPUT -i $PUBLIC_IF -j DROP
-;;
-stop)
-$IPTABLES -D INPUT -i $PUBLIC_IF -j DROP
-for port in $UDP_PORTS; do
-for ip in $PUBLIC_IPS; do
-$IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
-done
-done
-for port in $TCP_PORTS; do
-for ip in $PUBLIC_IPS; do
-$IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
-done
-done
-$IPTABLES -D INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
-$IPTABLES -D INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
-;;
-*)
-echo "Usage: $0 (start|stop)"
-exit 1
-;;
-esac
-
-exit 0