Allow connections to logstash from network gateways

author Tom Hughes <tom@compton.nu>

Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)

committer Tom Hughes <tom@compton.nu>

Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)
author Tom Hughes <tom@compton.nu>
Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)
committer Tom Hughes <tom@compton.nu>
Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)
diff --git a/cookbooks/logstash/recipes/default.rb b/cookbooks/logstash/recipes/default.rb

index ed9ffb7034e6b7194f9cfddd9902e1841898b189..73198d5933daa41fff9c2b0f814b8c5982eb8087 100644 (file)
--- a/cookbooks/logstash/recipes/default.rb
+++ b/cookbooks/logstash/recipes/default.rb
@@ -79,3 +79,19 @@ forwarders.each do |forwarder|
      end
    end
  end
+
+gateways = search(:node, "roles:gateway") # ~FC010
+
+gateways.each do |gateway|
+  gateway.interfaces(:role => :external) do |interface|
+    firewall_rule "accept-lumberjack-#{gateway}" do
+      action :accept
+      family interface[:family]
+      source "#{interface[:zone]}:#{interface[:address]}"
+      dest "fw"
+      proto "tcp:syn"
+      dest_ports "5043"
+      source_ports "1024:"
+    end
+  end
+end
author	Tom Hughes <tom@compton.nu>
	Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)
committer	Tom Hughes <tom@compton.nu>
	Tue, 31 May 2016 23:08:04 +0000 (00:08 +0100)