#4 replacing de-elk punches

DICE-UNC · Mar 23, 2016 · ac5a47e · ac5a47e
1 parent 5352d33
commit ac5a47e
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/ansible/roles/iptables/templates/iptables.j2 b/ansible/roles/iptables/templates/iptables.j2
@@ -72,6 +72,14 @@
 # postgres from DMZ
 -A INPUT -m state --state NEW -m tcp -p tcp -s {{ net.dmz }} --dport {{ db_port }} -j ACCEPT
 
+{% endif %}
+{% if inventory_hostname in groups['de-elk'] %}
+# elasticsearch from DMZ
+-A INPUT -m state --state NEW -m tcp -p tcp -s {{ net.dmz }} --dport {{ elk.elasticsearch.port }} -j ACCEPT
+
+# logstash from DMZ
+-A INPUT -m state --state NEW -m tcp -p tcp -s {{ net.dmz }} --dport {{ elk.logstash.port }} -j ACCEPT
+
 {% endif %}
 {% if inventory_hostname in groups['docker-registry'] %}
 # docker-registry ports from DMZ