# Firewall rules in ferm syntax, rendered from a Jinja2 template. The two
# address lists below are filled in from the lockss_network_ips and
# lockss_admin_ips template variables, joined with spaces.
# NOTE(review): an empty template variable renders as an empty list "()".
# Confirm how the deployed ferm version treats an empty saddr list, so that a
# rule can never end up matching every source address.

# Source addresses allowed to reach the ports in $LOCKSS_NET_PORTS.
@def $LOCKSS_NET = ({{ lockss_network_ips | join(" ") }});
# Source addresses allowed to reach the ports in $LOCKSS_CONFIG_PORTS.
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});

# Ports opened to $MGMT_NET only. The list includes the postgres (5432) and
# solr (8983) listeners alongside the service ports, so $MGMT_NET should stay
# limited to administration hosts.
@def $LOCKSS_CONFIG_PORTS = (
    24640 24641 # metadata-extraction-service
    5432 # postgres
    24650 24651 # metadata-service
    24610 # repository-service
    24620 24621 # configuration-service
    9729 24630 24631 24680 # poller
    8080 # pywb
    8983 # solr
);

# Ports opened to $LOCKSS_NET. 9729 is also in $LOCKSS_CONFIG_PORTS, so it is
# reachable from both address sets.
@def $LOCKSS_NET_PORTS = (
    9729 # poller
);

# The same INPUT rules are emitted for the IPv4 and IPv6 filter tables.
# NOTE(review): both address lists are used unfiltered in both families. If
# they hold literal IPv4 or IPv6 addresses, check that each family's ruleset
# still loads; ferm provides @ipfilter() for lists that mix families.
domain (ip ip6) table filter chain INPUT {
    # The destination ports here are the ports listening inside the container.
    # These may differ from those on the host.
    saddr $LOCKSS_NET proto tcp dport $LOCKSS_NET_PORTS ACCEPT;
    saddr $MGMT_NET proto tcp dport $LOCKSS_CONFIG_PORTS ACCEPT;
    # NOTE(review): only ACCEPT rules are defined here. No chain policy or
    # final DROP/REJECT is visible in this fragment, so these rules restrict
    # access only if that default is set elsewhere - confirm.
}