# Address and port lists used by the DOCKER-USER rules below. The two address
# lists are rendered by the template engine from the lockss_network_ips and
# lockss_admin_ips variables, joined with spaces into ferm list syntax.
# NOTE(review): if either variable renders empty the list becomes "( )";
# confirm how the deployed ferm version handles a rule whose saddr list is
# empty before rolling this out with an unset variable.
# NOTE(review): the same lists are used in both the ip and ip6 domains below.
# If a list mixes IPv4 and IPv6 addresses, check whether it needs to be
# filtered per address family (ferm provides @ipfilter for this).
@def $LOCKSS_NET = ({{ lockss_network_ips | join(" ") }});
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
# Container-side ports reachable from $MGMT_NET only. This list includes the
# postgres and solr ports, so every host in $MGMT_NET gets direct network
# access to those datastores; keep lockss_admin_ips as narrow as possible.
@def $LOCKSS_CONFIG_PORTS = (
24640 24641 # metadata-extraction-service
24602 # postgres
24650 24651 # metadata-service
24610 # repository-service
24600 24606 24620 24621 # configuration-service
24630 24631 24670 24672 24674 24680 # poller
24681 # pywb
24603 # solr
);
# Container-side ports reachable from $LOCKSS_NET (the peer network).
@def $LOCKSS_NET_PORTS = (
9729 # poller
);
# Source-address allow rules for traffic forwarded to docker services, applied
# to both IPv4 and IPv6 in the filter table's DOCKER-USER chain.
# NOTE(review): this block contains only ACCEPT rules. A packet that matches
# neither rule is not dropped here; it leaves DOCKER-USER and is evaluated by
# the rest of the FORWARD chain. Unless a DROP/REJECT for docker_gwbridge is
# defined elsewhere (not visible in this file), these rules do not restrict
# the listed ports to $LOCKSS_NET and $MGMT_NET. Confirm where the default
# deny lives, and that it still lets reply traffic for established
# connections through.
domain (ip ip6) table filter chain DOCKER-USER {
# Incoming traffic bound for a docker service will come in to the FORWARD
# chain and exit on docker_gwbridge.
outerface docker_gwbridge {
# The destination ports here are the ports listening inside the
# container. These may differ from those on the host.
# Peer network: TCP to the ports in $LOCKSS_NET_PORTS only.
saddr $LOCKSS_NET proto tcp dport $LOCKSS_NET_PORTS ACCEPT;
# Management network: TCP to the ports in $LOCKSS_CONFIG_PORTS.
saddr $MGMT_NET proto tcp dport $LOCKSS_CONFIG_PORTS ACCEPT;
}
}