WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-infra/ansible_collections/nullified/infrastructure/roles/mariadb/templates/nftables.d/mariadb.nft.j2

26 lines
1.3 KiB
Django/Jinja
Raw Blame History

{%- set allowed_ingress_list4 = mariadb_nft_allowed_ingress_list | ansible.utils.ipv4 -%}
{%- set allowed_ingress_list6 = mariadb_nft_allowed_ingress_list | ansible.utils.ipv6 -%}
{%- set allowed_egress_list4 = mariadb_nft_allowed_egress_list | ansible.utils.ipv4 | default([], true) -%}
{%- set allowed_egress_list6 = mariadb_nft_allowed_egress_list | ansible.utils.ipv6 | default([], true) -%}
table inet filter {
{% if mariadb_install_server %}
chain input {
{% if mariadb_nft_filter_input %}
{%+ if allowed_ingress_list4 %}ip saddr { {{ allowed_ingress_list4 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{%+ if allowed_ingress_list6 %}ip6 saddr { {{ allowed_ingress_list6 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{% else %}
tcp dport {{ mariadb_server_port }} accept
{% endif %}
}
{% endif %}
{% if mariadb_install_client %}
chain output {
{% if mariadb_nft_filter_output %}
{%+ if allowed_egress_list4 %}ip daddr { {{ allowed_egress_list4 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{%+ if allowed_egress_list6 %}ip daddr { {{ allowed_egress_list6 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{% else %}
tcp dport {{ mariadb_server_port }} accept
{% endif %}
}
{% endif %}
}
Reference in a new issue View git blame Copy permalink