bubblev
/
bubble
9
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 130 Wiki Toiminta
The main Bubble source repository. Contains the Bubble API server, the web UI, documentation and utilities. https://getbubblenow.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
796 Commitit
10 Branchit
66 MiB
 
 
 
 
Puu: 10e96f5cf4
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '10e96f5cf4'
${ noResults }
bubble/automation/roles/firewall/tasks/sage.yml

92 rivejä
1.9 KiB
Raaka Blame Historia 

  1. #

  2. # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/

  3. #

  4. - name: Allow all from local

  5.   iptables:

  6.     chain: INPUT

  7.     in_interface: lo

  8.     jump: ACCEPT

  9.     comment: Allow all from local

  10.   become: yes

  11. 

  12. - name: Allow related and established connections

  13.   iptables:

  14.     chain: INPUT

  15.     ctstate: ESTABLISHED,RELATED

  16.     jump: ACCEPT

  17.     comment: Allow related and established connections

  18.   become: yes

  19. 

  20. - name: Allow SSH

  21.   iptables:

  22.     chain: INPUT

  23.     protocol: tcp

  24.     destination_port: 22

  25.     ctstate: NEW

  26.     syn: match

  27.     jump: ACCEPT

  28.     comment: Accept new SSH connections

  29.   become: yes

  30.   when: fw_enable_ssh

  31. 

  32. - name: Allow HTTP

  33.   iptables:

  34.     chain: INPUT

  35.     protocol: tcp

  36.     destination_port: 80

  37.     ctstate: NEW

  38.     syn: match

  39.     jump: ACCEPT

  40.     comment: Accept new HTTP connections

  41.   become: yes

  42.   when: fw_enable_http

  43. 

  44. - name: Allow HTTPS

  45.   iptables:

  46.     chain: INPUT

  47.     protocol: tcp

  48.     destination_port: 443

  49.     ctstate: NEW

  50.     syn: match

  51.     jump: ACCEPT

  52.     comment: Accept new HTTPS connections

  53.   become: yes

  54.   when: fw_enable_http

  55. 

  56. - name: Allow admin HTTPS on port {{ ssl_port }}

  57.   iptables:

  58.     chain: INPUT

  59.     protocol: tcp

  60.     destination_port: "{{ ssl_port }}"

  61.     ctstate: NEW

  62.     syn: match

  63.     jump: ACCEPT

  64.     comment: Accept new admin HTTPS connections

  65.   when: fw_enable_admin

  66.   become: yes

  67. 

  68. - name: Drop everything else

  69.   iptables:

  70.     chain: INPUT

  71.     jump: DROP

  72.     comment: Drop anything else

  73.   become: yes

  74. 

  75. - name: Creates /etc/iptables directory

  76.   file:

  77.     path: /etc/iptables

  78.     state: directory

  79. 

  80. - name: save iptables v4 rules

  81.   shell: iptables-save > /etc/iptables/rules.v4

  82.   become: yes

  83. 

  84. - name: save iptables v6 rules

  85.   shell: ip6tables-save > /etc/iptables/rules.v6

  86.   become: yes

  87. 

  88. - supervisorctl:

  89.     name: bubble_peer_manager

  90.     state: restarted

  91.   when: fw_enable_admin