cache: initial rules to allow traffic from l4lb
parent
4bf6b2d79b
commit
b018c81f81
|
@ -91,6 +91,17 @@ class cdn::cache(
|
||||||
refreshonly => true,
|
refreshonly => true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Allow tunnel packets arriving from l4lb nodes
|
||||||
|
sunet::nftables::rule { 'sunet_cdn_tunnel4':
|
||||||
|
rule => 'add rule inet filter input ip saddr { 130.242.64.233, 130.242.64.235 } ip protocol ipencap counter accept comment "sunet-cdn-tunnel4"'
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow decapsulated tunnel packets targeting the service IP range to reach
|
||||||
|
# local service ports
|
||||||
|
sunet::nftables::rule { 'sunet_cdn_tunnel4':
|
||||||
|
rule => 'add rule inet filter input meta iifname tunl0 ip daddr 188.240.152.0/24 tcp dport { 80, 443 } counter accept comment "sunet-cdn-service4'
|
||||||
|
}
|
||||||
|
|
||||||
if $cache_secrets {
|
if $cache_secrets {
|
||||||
$customers.each |String $customer, Integer $customer_uid| {
|
$customers.each |String $customer, Integer $customer_uid| {
|
||||||
if $cache_secrets['customers'][$customer] {
|
if $cache_secrets['customers'][$customer] {
|
||||||
|
|
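Review bot: Both new `sunet::nftables::rule` resources are titled `'sunet_cdn_tunnel4'`, so Puppet will fail catalog compilation with a duplicate declaration; the second one, which carries the tcp dport { 80, 443 } rule, should be declared as `sunet::nftables::rule { 'sunet_cdn_service4':`. That same rule string never closes its nft comment, ending in `comment "sunet-cdn-service4'`; it should end `comment "sunet-cdn-service4"'`, otherwise nft will presumably reject the rule when the ruleset is loaded. Because these are input-filter rules on a cache node, it is worth confirming how the sunet::nftables module behaves on a failed load (whether the previous ruleset stays active) before this is rolled out. The enclosing `class cdn::cache` starts and ends outside the hunk.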