From 10f4f4863ae9d4f33fcc87697108cfd7b40f17ac Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Thu, 6 Oct 2022 22:29:53 +0200
Subject: [PATCH] firewall rules for postgresql and redis
---
 start-server/tasks/main.yml | 22 +++++++++++++++++++++-
 stop-server/tasks/main.yml | 22 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/start-server/tasks/main.yml b/start-server/tasks/main.yml
index 0be5464..691e263 100644
--- a/start-server/tasks/main.yml
+++ b/start-server/tasks/main.yml
@@ -46,4 +46,24 @@
 - name: debug output
 debug:
- var: output
\ No newline at end of file
+ var: output
+
+ - name: Allow port postgresql
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 54321
+ jump: ACCEPT
+ state: present
+ become: yes
+ become_method: sudo
+
+ - name: Allow port redis
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 63791
+ jump: ACCEPT
+ state: present
+ become: yes
+ become_method: sudo
\ No newline at end of file
diff --git a/stop-server/tasks/main.yml b/stop-server/tasks/main.yml
index 74ee466..333f934 100644
--- a/stop-server/tasks/main.yml
+++ b/stop-server/tasks/main.yml
@@ -1,6 +1,27 @@
 ---
 # tasks file for server
+- name: Disallow port postgresql
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 54321
+ jump: ACCEPT
+ state: absent
+ become: yes
+ become_method: sudo
+
+
+- name: Disallow port redis
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 63791
+ jump: ACCEPT
+ state: absent
+ become: yes
+ become_method: sudo
+
 - name: Stopping existing service
 community.docker.docker_compose:
 project_src: /home/valentin/db
@@ -11,3 +32,4 @@
 - name: Debug output
 debug:
 var: output
+
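Review bot: The two ACCEPT rules appended at the end of start-server/tasks/main.yml carry no source restriction, so once they are in place TCP 54321 and 63791 accept connections from every address that can route to the host; if only a known client needs them, add `source: "<trusted-client-cidr placeholder>"` to each `ansible.builtin.iptables` task. The module appends by default (`action: append`), so if the INPUT chain already ends in a DROP or REJECT rule these ACCEPTs are never reached — use `action: insert` or verify the chain order on the host, and keep in mind the module does not persist rules across a reboot. The stop-server role tears down a `community.docker.docker_compose` project, so if these services are published Docker ports their traffic traverses the FORWARD/DOCKER-USER chains and an INPUT rule neither admits nor blocks it — confirm against the compose file before relying on these tasks as the control. The collapsed patch text also shows the new entries as `+ - name: Allow port postgresql` while the existing context entry `- name: debug output` sits at column 0; if the added items really are indented one column deeper the task list no longer parses, so check the indentation in the original file. The same source and chain-order remarks apply to the mirrored `state: absent` tasks in stop-server/tasks/main.yml.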
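Review bot: `become: yes` in all four new tasks (here in stop-server/tasks/main.yml and in start-server/tasks/main.yml) uses a YAML 1.1 truthy spelling; write `become: true` so yamllint's truthy rule passes and the value is a boolean under every parser, and `become_method: sudo` is the default and can be dropped. The port numbers 54321 and 63791 are now duplicated across both roles, so a change in one role silently leaves a stale ACCEPT rule (or a missing one) in the other; move them to shared variables such as `postgresql_port` / `redis_port` in the role defaults and reference them from both roles. There is also a double blank line between the two Disallow tasks where the rest of the file uses one. The `state: absent` tasks run before the `community.docker.docker_compose` stop task, which is the safe order, but their parameters must stay identical to the start-server ones for the delete to match an existing rule — another reason to share the variables.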