Docker: Add the option for host specific iptables rules
quartje committed Feb 2, 2025
1 parent 12e7b56 commit f87e2f1
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions roles/docker/templates/ip4tables.sh.j2
Expand Up @@ -90,6 +90,13 @@ done
/sbin/iptables -t filter -A INPUT -p {{ service.protocol | default('tcp') }} {{ '-s '+service.source if service.source is defined else '' }} -m multiport --dports {{ service.port }} -j ACCEPT
{% endfor %}
{% endif %}
{% if iptables_hostspecific is defined %}
{% for service in iptables_hostspecific %}
{{'##'|e }} {{ service.name }}
{{'##'|e }} {{'=' * service.name|length }}
/sbin/iptables -t filter -A INPUT -p {{ service.protocol | default('tcp') }} {{ '-s '+service.source if service.source is defined else '' }} -m multiport --dports {{ service.port }} -j ACCEPT
{% endfor %}
{% endif %}

/sbin/iptables -t filter -A INPUT -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -t filter -A INPUT -j DROP
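Review bot: In the added `iptables_hostspecific` loop, the `-s` match is emitted only when `service.source` is defined, so an entry that omits `source` renders an ACCEPT rule for that port from any address. For host-specific exceptions it would be safer to require `source` (fail the template when it is missing) or to state explicitly that the omission means "any". The values of `service.name`, `service.source` and `service.port` are also written into the generated shell script unquoted and unvalidated: a `name` containing a newline would end the `##` comment line and the remainder would run as a command, so consider restricting these fields to the expected character sets before rendering. The rule line is a verbatim copy of the one in the loop just above it; a shared Jinja macro would keep the two from drifting apart. Since only the template changed, the expected keys of `iptables_hostspecific` (`name`, `port`, optional `protocol` and `source`) are not documented anywhere in this commit; a commented example in the role defaults would help.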