From 9de95d45d50cf93e0adf6d395272209da71af620 Mon Sep 17 00:00:00 2001
From: Claudio Maradonna
Date: Wed, 31 Aug 2022 11:33:50 +0200
Subject: [PATCH] add iptables mangle configuration for swarm
---
cloud-init/swarm-manager.yml | 9 +++++++++
cloud-init/swarm-worker.yml | 9 +++++++++
2 files changed, 18 insertions(+)
diff --git a/cloud-init/swarm-manager.yml b/cloud-init/swarm-manager.yml
index 96350b9..171422a 100644
--- a/cloud-init/swarm-manager.yml
+++ b/cloud-init/swarm-manager.yml
@@ -22,6 +22,15 @@ write_files:
 permissions: 0644
 owner: root:root
 content: |
+ *mangle
+ :PREROUTING ACCEPT [0:0]
+ :INPUT ACCEPT [0:0]
+ :FORWARD ACCEPT [0:0]
+ :OUTPUT ACCEPT [0:0]
+ :POSTROUTING ACCEPT [0:0]
+ -A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP
+ COMMIT
+
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
diff --git a/cloud-init/swarm-worker.yml b/cloud-init/swarm-worker.yml
index 2ff0d05..8bd69b5 100644
--- a/cloud-init/swarm-worker.yml
+++ b/cloud-init/swarm-worker.yml
@@ -23,6 +23,15 @@ write_files:
 permissions: 0644
 owner: root:root
 content: |
+ *mangle
+ :PREROUTING ACCEPT [0:0]
+ :INPUT ACCEPT [0:0]
+ :FORWARD ACCEPT [0:0]
+ :OUTPUT ACCEPT [0:0]
+ :POSTROUTING ACCEPT [0:0]
+ -A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP
+ COMMIT
+
 *filter
 :INPUT DROP [0:0]
 :FORWARD DROP [0:0]
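Review bot: The added `-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DROP` line in the `*mangle` section only protects the port if the public interface is really named `eth0`; on an image that uses predictable interface names the rule loads without error, matches nothing, and 2222 stays reachable. Nothing in the hunk says what listens on 2222 or why it is dropped in mangle rather than by the existing `*filter` policy — presumably because Docker's nat PREROUTING DNAT for published ports keeps that traffic away from INPUT — so a comment line above the rule such as `# drop external hits on published port 2222 before Docker DNAT; filter INPUT never sees them` would keep a later cleanup from removing it. The rules are IPv4-only as far as this file shows, so it is worth confirming the port is not reachable over IPv6. The same applies to the identical hunk in cloud-init/swarm-worker.yml; the write_files entry's path and whatever loads the rules are outside both hunks.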