
Merge branch 'cloudscale-ch-fix-dmz'

drybjed committed Sep 10, 2019
2 parents 7070f28 + 2289684 commit 803d04a03034c742e72caa2a1da63dff2d2c9b3b
Showing with 12 additions and 3 deletions.
  1. +6 −0 CHANGELOG.rst
  2. +6 −3 ansible/roles/debops.ferm/templates/etc/ferm/rules.d/rule.conf.j2
@@ -131,6 +131,12 @@ Fixed
``bind-interfaces``. This allows the :command:`dnsmasq` service to start
correctly.

:ref:`debops.ferm` role
'''''''''''''''''''''''

- The ``dmz`` firewall configuration will use the ``dport`` parameter instead
of ``port``, otherwise filtering rules will not work as expected.

:ref:`debops.nfs_server` role
'''''''''''''''''''''''''''''

@@ -97,6 +97,9 @@
{% endif %}
{% if config.port|d() or config.ports|d() %}
{% set _ = ferm__tpl_config.update({'dmz_ports': (debops__tpl_macros.flattened(config.port|d(config.ports))) | from_json }) %}
{% if ferm__tpl_config['dport'] == [] %}
{% set _ = ferm__tpl_config['dport'].extend(ferm__tpl_config['dmz_ports']) %}
{% endif %}
{% endif %}
{% endif %}
{% for interface in (debops__tpl_macros.flattened(config.interface_present|d(config.interfaces_present)) | from_json) %}
@@ -389,10 +392,10 @@
table filter chain FORWARD {
{% if ferm__tpl_config['dmz_ports']|d() %}
protocol ({{ ferm__tpl_config['protocol']|d([ 'tcp' ]) | join(" ") }}) {
{% if ferm__tpl_config['dmz_ports'] | length > 1 %}
mod multiport destination-ports ({{ ferm__tpl_config['dmz_ports'] | join(" ") }}) {
{% if ferm__tpl_config['dport'] | length > 1 %}
mod multiport destination-ports ({{ ferm__tpl_config['dport'] | join(" ") }}) {
{% else %}
dport ({{ ferm__tpl_config['dmz_ports'] | join(" ") }}) {
dport ({{ ferm__tpl_config['dport'] | join(" ") }}) {
{% endif %}
destination $PRIVATE_IP ACCEPT;
}
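Review bot: The guard that opens the FORWARD port match still tests `ferm__tpl_config['dmz_ports']`, while the match inside it now renders `ferm__tpl_config['dport']`. The first hunk only fills `dmz_ports` when `config.port` or `config.ports` is given, so a DMZ rule that sets only `dport` skips the port match entirely. The guard's closing `{% endif %}` is outside this hunk, but if `destination $PRIVATE_IP ACCEPT;` is emitted unconditionally, as it appears, that rule forwards every port to the private host. Testing the list that is actually rendered, `{% if ferm__tpl_config['dport']|d() %}`, would keep the filter in place for that configuration.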
