From 9609940accb4bc20bc380f2b35e850c0f5d0f66d Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Wed, 1 Jun 2016 00:08:04 +0100 Subject: [PATCH] Allow connections to logstash from network gateways --- cookbooks/logstash/recipes/default.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/cookbooks/logstash/recipes/default.rb b/cookbooks/logstash/recipes/default.rb index ed9ffb703..73198d593 100644 --- a/cookbooks/logstash/recipes/default.rb +++ b/cookbooks/logstash/recipes/default.rb @@ -79,3 +79,19 @@ forwarders.each do |forwarder| end end end + +gateways = search(:node, "roles:gateway") # ~FC010 + +gateways.each do |gateway| + gateway.interfaces(:role => :external) do |interface| + firewall_rule "accept-lumberjack-#{gateway}" do + action :accept + family interface[:family] + source "#{interface[:zone]}:#{interface[:address]}" + dest "fw" + proto "tcp:syn" + dest_ports "5043" + source_ports "1024:" + end + end +end -- 2.39.5