Merge pull request #7 from 0x0I/add_iptable_setup

add option to allow specified ingress ports via iptables
O1ahmad · Feb 9, 2023 · 4ddeb6c · 4ddeb6c
2 parents d6adf52 + 5b59636
commit 4ddeb6c
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ Configure and operate a basic cloud-native service: running anything from cypto
 |    _config_     |  configuration files associated with the service to mount  |       `{}`       |
 |   _configEnv_   |  environment variables to set within the service runtime   |       `{}`       |
 |     _ports_     |          listening port information for a service          |       `{}`       |
+|     _setup_iptables_     |          configure IP tables to allow ingress paths          |       `false`       |
 |  _hostDataDir_  |   host directory to store node runtime/operational data    |    `/var/tmp`    |
 |    _dataDir_    | container directory to store node runtime/operational data |      `/tmp`      |
 |    _workDir_    |      operational directory to store runtime artifacts      |    `/var/tmp`    |

diff --git a/tasks/common/network-setup.yml b/tasks/common/network-setup.yml
@@ -0,0 +1,12 @@
+---
+- name: Determine service ingress port list for iptables config
+  ansible.builtin.set_fact:
+    ingressList: "{{ ingressList + [item.value.ingressPort | string] }}"
+  with_dict: "{{ ports }}"
+
+- name: Allow service ingress ports in iptables setup
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_ports: "{{ ingressList }}"
+    jump: ACCEPT
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -4,3 +4,7 @@
 
 - name: Setup service infrastructure topology
   ansible.builtin.include_tasks: "{{ setupMode }}/setup.yml"
+
+- name: Manage networking and IP tables setup
+  when: setup_iptables|bool
+  ansible.builtin.include_tasks: "common/network-setup.yml"