saltbox
/
states
2
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
343 Commits
2 Branches
0 Tags
844 KiB
 
 
 
 
Tree: 8fa8b549cc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8fa8b549cc'
${ noResults }
states/fwrules/chains/concourse_worker.sls

99 lines
2.2 KiB
Raw Blame History

#!pydsl
state("concourse_worker ipv4 chain").iptables.chain_present(
"concourse_worker",
family="ipv4",
)
state("concourse_worker ipv6 chain").iptables.chain_present(
"concourse_worker",
family="ipv6",
)
addresses_v4 = ["107.155.67.64/29"]
addresses_v6 = ["2604:880:396::/48"]
for address in addresses_v4:
# SSH
state("ssh ipv4 " + address).iptables.append(
table="filter",
family="ipv4",
chain="concourse_worker",
source=address,
protocol="tcp",
match="tcp",
dport=22,
)
# Concourse worker
state("concourse-atc ipv4 " + address).iptables.append(
table="filter",
family="ipv4",
chain="concourse_worker",
source=address,
protocol="tcp",
match="tcp",
dport=7777,
)
state("concourse-baggageclaim ipv4 " + address).append(
table="filter",
family="ipv4",
chain="concourse_worker",
source=address,
protocol="tcp",
match="tcp",
dport=7778,
)
for address in addresses_v6:
# SSH
state("ssh ipv6 " + address).iptables.append(
table="filter",
family="ipv6",
chain="concourse_worker",
source=address,
protocol="tcp",
match="tcp",
dport=7777,
)
# Concourse private
state("concourse-atc ipv6 " + address).iptables.append(
table="filter",
family="ipv6",
chain="concourse_worker",
source=address,
protocol="tcp",
match="tcp",
dport=7777,
)
state("concourse-baggageclaim ipv6 " + address).iptables.append(
table="filter",
family="ipv6",
chain="concourse_worker",
source=address,
protocol="tcp",
match="tcp",
dport=7778,
)
state("concourse_worker ipv4 input chain").iptables.append(
table="filter",
family="ipv4",
chain="INPUT",
match="comment",
comment="concourse_worker",
jump="concourse_worker",
)
state("concourse_worker ipv6 input chain").iptables.append(
table="filter",
family="ipv6",
chain="INPUT",
match="comment",
comment="concourse_worker",
jump="concourse_worker",
)