# Source address lists used as saddr matches in the INPUT chain below.
# Both are filled in by the template engine and space-joined into a ferm list.
# NOTE(review): join(" ") assumes each variable is a list of addresses/CIDRs;
# a plain string would be joined character by character -- confirm in inventory.
# NOTE(review): an empty variable renders as "()"; confirm how ferm treats an
# empty saddr list so the rule can never match more sources than intended.
@def $LOCKSS_NET = ({{ lockss_network_ips | join(" ") }});
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
# TCP destination ports accepted from $MGMT_NET (see the INPUT chain below).
# NOTE(review): this list opens postgres (5432) and solr (8983) directly to
# the management sources; keep lockss_admin_ips as narrow as possible and
# confirm that both really need to be reachable over the network.
@def $LOCKSS_CONFIG_PORTS = (
24640 24641 # metadata-extraction-service
5432 # postgres
24650 24651 # metadata-service
24610 # repository-service
24620 24621 # configuration-service
9729 24630 24631 24680 # poller
8080 # pywb
8983 # solr
{{ lockss_frontend_port }} # lockss-config-frontend
);
# TCP destination ports accepted from $LOCKSS_NET: only the poller port 9729,
# which is also present in $LOCKSS_CONFIG_PORTS above.
@def $LOCKSS_NET_PORTS = (
9729 # poller
);
domain (ip ip6) table filter chain INPUT {
# The destination ports here are the ports listening inside the container.
# These may differ from those on the host.
saddr $LOCKSS_NET proto tcp dport $LOCKSS_NET_PORTS ACCEPT;
saddr $MGMT_NET proto tcp dport $LOCKSS_CONFIG_PORTS ACCEPT;