Add iptables support

commit: 82333e107a5ed8a1ce56abd014ab0b1c1c70169b [log] [tgz]
author: Filip Pytloun <filip@pytloun.cz> Thu May 05 12:32:07 2016 +0200
committer: Filip Pytloun <filip@pytloun.cz> Thu May 05 12:41:01 2016 +0200
tree: 54490cf880ecfae7331c26923e2c1ec641094e5b
parent: 4db56b99060aa588f738b5a748d076432a74a1fd [diff]
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index 68d216d..48c1ea0 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml

@@ -9,3 +9,5 @@
         enabled: true
       sphinx:
         enabled: true
+      iptables:
+        enabled: true

diff --git a/rabbitmq/meta/iptables.yml b/rabbitmq/meta/iptables.yml
new file mode 100644
index 0000000..59a5448
--- /dev/null
+++ b/rabbitmq/meta/iptables.yml

@@ -0,0 +1,23 @@
+{%- from "rabbitmq/map.jinja" import server with context -%}
+iptables:
+  rules:
+    - destination_port: {{ server.bind.port }}
+      protocol: tcp
+      jump: ACCEPT
+    - destination_port: 25672
+      protocol: tcp
+      jump: ACCEPT
+    {%- if server.get('ssl', {}).get('enabled', False) %}
+    - destination_port: {{ server.bind.get('ssl', {}).get('port', 5671) }}
+      protocol: tcp
+      jump: ACCEPT
+    {%- endif %}
+    {%- if 'rabbitmq_management' in server.plugins %}
+    - destination_port: {{ server.management.bind.port }}
+      protocol: tcp
+      jump: ACCEPT
+    {%- endif %}
+
+{#-
+vim: syntax=jinja
+-#}
commit	82333e107a5ed8a1ce56abd014ab0b1c1c70169b	[log] [tgz]
author	Filip Pytloun <filip@pytloun.cz>	Thu May 05 12:32:07 2016 +0200
committer	Filip Pytloun <filip@pytloun.cz>	Thu May 05 12:41:01 2016 +0200
tree	54490cf880ecfae7331c26923e2c1ec641094e5b
parent	4db56b99060aa588f738b5a748d076432a74a1fd [diff]