add option to allow specified ingress ports via iptables

README.md

@@ -25,6 +25,7 @@ Configure and operate a basic cloud-native service: running anything from cypto
 |    _config_     |  configuration files associated with the service to mount  |       `{}`       |
 |   _configEnv_   |  environment variables to set within the service runtime   |       `{}`       |
 |     _ports_     |          listening port information for a service          |       `{}`       |
+|     _setup_iptables_     |          configure IP tables to allow ingress paths          |       `false`       |
 |  _hostDataDir_  |   host directory to store node runtime/operational data    |    `/var/tmp`    |
 |    _dataDir_    | container directory to store node runtime/operational data |      `/tmp`      |
 |    _workDir_    |      operational directory to store runtime artifacts      |    `/var/tmp`    |

tasks/common/network-setup.yml

@@ -0,0 +1,12 @@
+---
+- name: Determine service ingress port list for iptables config
+  ansible.builtin.set_fact:
+    ingressList: "{{ ingressList + [item.value.ingressPort | string] }}"
+  with_dict: "{{ ports }}"
+
+- name: Allow service ingress ports in iptables setup
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_ports: "{{ ingressList }}"
+    jump: ACCEPT

tasks/main.yml

@@ -4,3 +4,7 @@
 
 - name: Setup service infrastructure topology
   ansible.builtin.include_tasks: "{{ setupMode }}/setup.yml"
+
+- name: Manage networking and IP tables setup
+  when: setup_iptables|bool
+  ansible.builtin.include_tasks: "common/network-setup.yml"