firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Prometheus Service

Browse Source
This commit is contained in:
Christoph 2024-11-05 17:21:05 +01:00
parent 0eca4f3eaf
commit e7311a3963
6 changed files with 161 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
conf/default_settings.conf
View File

@ -46,6 +46,10 @@ standard_wireguard_port=51820
standard_whois_port=43 standard_whois_port=43
standard_xymon_port=1984 standard_xymon_port=1984
# - Prometheus services
# -
standard_prometheus_ports="9100,9256"
# - Mattermost (MM) Service # - Mattermost (MM) Service
# - # -
stansard_mattermost_udp_ports_in="8443" stansard_mattermost_udp_ports_in="8443"

31
conf/main_ipv4.conf.sample
View File

@ -508,6 +508,37 @@ nc_turn_udp_ports="$standard_turn_service_udp_ports"
# - # -
tftp_server_ips="" tftp_server_ips=""
# - Prometheus Monitoring - local Server
# -
# - blank separated list of IPv4 addresses
# -
prometheus_local_server_ips=""
# - (Remote) prometheus ports
# -
# - !! comma separated list of ports
# -
prometheus_remote_client_ports="$standard_prometheus_ports"
# - Prometheus Monitoring - local Client
# -
# - blank separated list of IPv4 addresses
# -
prometheus_local_client_ips=""
# - Local prometheus ports
# -
# - !! comma separated list of ports
# -
prometheus_local_client_ports="$standard_prometheus_ports"
# - blank separated list of IPv4 addresses
# -
prometheus_remote_server_ips=""
# - Munin Server # - Munin Server
# - # -
munin_server_ips="" munin_server_ips=""

31
conf/main_ipv6.conf.sample
View File

@ -527,6 +527,37 @@ nc_turn_udp_ports="$standard_turn_service_udp_ports"
# - # -
tftp_server_ips="" tftp_server_ips=""
# - Prometheus Monitoring - local Server
# -
# - blank separated list of IPv6 addresses
# -
prometheus_local_server_ips=""
# - (Remote) prometheus ports
# -
# - !! comma separated list of ports
# -
prometheus_remote_client_ports="$standard_prometheus_ports"
# - Prometheus Monitoring - local Client
# -
# - blank separated list of IPv6 addresses
# -
prometheus_local_client_ips=""
# - Local prometheus ports
# -
# - !! comma separated list of ports
# -
prometheus_local_client_ports="$standard_prometheus_ports"
# - blank separated list of IPv6 addresses
# -
prometheus_remote_server_ips=""
# - Munin Server # - Munin Server
# - # -
munin_server_ips="" munin_server_ips=""

25
conf/post_decalrations.conf
View File

@ -366,8 +366,8 @@ done
# - (local) Dovecot auth service # - (local) Dovecot auth service
# --- # ---
declare -a dovecot_auth_allowed_network_arr declare -a dovecot_auth_allowed_network_arr
for _port in $dovecot_auth_allowed_networks ; do for _ip in $dovecot_auth_allowed_networks ; do
dovecot_auth_allowed_network_arr+=("$_port") dovecot_auth_allowed_network_arr+=("$_ip")
done done
# --- # ---
@ -440,6 +440,27 @@ for _ip in $tel_sys_ips ; do
tel_sys_ip_arr+=("$_ip") tel_sys_ip_arr+=("$_ip")
done done
# ---
# - Prometheus Monitoring - local Server
# ---
declare -a prometheus_local_server_ip_arr
for _ip in $prometheus_local_server_ips ; do
prometheus_local_server_ip_arr+=("$_ip")
done
# ---
# - Prometheus Monitoring - local Client
# ---
declare -a prometheus_local_client_ip_arr
for _ip in $prometheus_local_client_ips; do
prometheus_local_client_ip_arr+=("$_ip")
done
declare -a prometheus_remote_server_ip_arr
for _ip in $prometheus_remote_server_ips ; do
prometheus_remote_server_ip_arr+=("$_ip")
done
# --- # ---
# - IP Addresses Munin # - IP Addresses Munin
# --- # ---

38
ip6t-firewall-server
View File

@ -1573,6 +1573,40 @@ done
echo_done echo_done
# ---
# - Prometheus Monitoring - local Server
# ---
echononl "\t\tLocal Prometheus Service"
if [[ ${#prometheus_local_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${prometheus_local_server_ip_arr[@]} ; do
$ip6t -A OUTPUT -p tcp -s $_ip -m multiport --dports $prometheus_remote_client_ports -m state --state NEW -j ACCEPT
done
echo_done
else
echo_skipped
fi
# ---
# - Prometheus Monitoring - local client
# ---
echononl "\t\tLocal Prometheus Client"
if [[ ${#prometheus_local_client_ip_arr[@]} -gt 0 ]] && [[ ${#prometheus_remote_server_ip_arr[@]} -gt 0 ]]; then
for _ip in ${prometheus_local_client_ip_arr[@]} ; do
for _ip in ${prometheus_remote_server_ip_arr[@]} ; do
$ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $prometheus_local_client_ports -m state --state NEW -j ACCEPT
done
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Munin remote service # - Munin remote service
# --- # ---
@ -1603,13 +1637,13 @@ if [[ ${#munin_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_munin_server_ip_arr[@
if [[ ${#munin_server_ip_arr[@]} -gt 0 ]] ; then if [[ ${#munin_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${munin_server_ip_arr[@]} ; do for _ip in ${munin_server_ip_arr[@]} ; do
$ip6t -A OUTPUT -p tcp --syn -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT $ip6t -A OUTPUT -p tcp -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT
done done
fi fi
if [[ ${#forward_munin_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then if [[ ${#forward_munin_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
for _ip in ${forward_munin_server_ip_arr[@]} ; do for _ip in ${forward_munin_server_ip_arr[@]} ; do
$ip6t -A FORWARD -p tcp --syn -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT $ip6t -A FORWARD -p tcp -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT
done done
fi fi

38
ipt-firewall-server
View File

@ -1745,6 +1745,40 @@ done
echo_done echo_done
# ---
# - Prometheus Monitoring - local Server
# ---
echononl "\t\tLocal Prometheus Service"
if [[ ${#prometheus_local_server_ip_arr[@]} -gt 0 ]] ; then
for _ip in ${prometheus_local_server_ip_arr[@]} ; do
$ipt -A OUTPUT -p tcp -s $_ip -m multiport --dports $prometheus_remote_client_ports -m state --state NEW -j ACCEPT
done
echo_done
else
echo_skipped
fi
# ---
# - Prometheus Monitoring - local client
# ---
echononl "\t\tLocal Prometheus Client"
if [[ ${#prometheus_local_client_ip_arr[@]} -gt 0 ]] && [[ ${#prometheus_remote_server_ip_arr[@]} -gt 0 ]]; then
for _ip in ${prometheus_local_client_ip_arr[@]} ; do
for _ip in ${prometheus_remote_server_ip_arr[@]} ; do
$ipt -A INPUT -p tcp -d $_ip -m multiport --dports $prometheus_local_client_ports -m state --state NEW -j ACCEPT
done
done
echo_done
else
echo_skipped
fi
# --- # ---
# - Munin remote service # - Munin remote service
# --- # ---
@ -1753,9 +1787,9 @@ echononl "\t\tMunin remote service"
if [ "X$munin_remote_ip" != "X" ]; then if [ "X$munin_remote_ip" != "X" ]; then
for _dev in ${ext_if_arr[@]} ; do for _dev in ${ext_if_arr[@]} ; do
$ipt -A INPUT -i $_dev -p tcp --syn -s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT $ipt -A INPUT -i $_dev -p tcp -s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT
if $kernel_activate_forwarding ; then if $kernel_activate_forwarding ; then
$ipt -A FORWARD -i $_dev -p tcp --syn -s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT $ipt -A FORWARD -i $_dev -p tcp-s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT
fi fi
done done
echo_done echo_done