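# {{ ansible_managed }}
#
# Dualinventive rules for the IPv4 `custom` chain.
#
# Every rule below matches only conntrack state NEW on $outside_int and
# jumps to ACCEPT. Inbound rules use `-i`/`-s`, outbound rules use `-o`/`-d`.
#
# Expected from the including firewall script (not defined in this fragment):
#   ip4          - the iptables invocation used for every rule
#   outside_int  - name of the external interface
#   rootnet, nagios, vpn - extra source addresses/networks allowed on 3300
#
# NOTE(review): only NEW is accepted here; reply packets presumably rely on
# an ESTABLISHED,RELATED rule and a default-drop policy elsewhere - confirm.
# NOTE(review): these rules are IPv4 only; if the host is reachable over
# IPv6, confirm the same restrictions exist on that side.
#
# $ip4 is deliberately left unquoted so that a value carrying the command
# plus options still word-splits - presumably how it is set; verify. All
# single-value expansions are quoted so an empty or odd value cannot shift
# the following arguments into the wrong option.

dualinventivesms='83.162.166.98'

# Dualinventive

# SSH
## Allow SSH from select IPs
for di_addr in 87.233.176.101 87.233.176.102; do
  $ip4 -A custom -i "$outside_int" -p tcp --dport 22 -s "$di_addr" \
    -m conntrack --ctstate NEW -j ACCEPT
done

# DI Secureserver
## Allow new tcp traffic in/out
# Port 3300, in
# Fixed peers first, then the networks supplied by the including script;
# the order matches the original rule order.
for di_addr in \
  87.233.176.101 87.233.176.102 87.233.176.103 \
  87.233.176.106 87.233.176.114 87.233.176.115 \
  "$rootnet" "$nagios" "$vpn"; do
  $ip4 -A custom -i "$outside_int" -p tcp --dport 3300 -s "$di_addr" \
    -m conntrack --ctstate NEW -j ACCEPT
done

# DI TCP server, out
DItcppoorten='3000,3001,3002,3003,3004,3005,3006,3007,3008,3009,3010,3030'
for di_addr in 87.233.176.100 87.233.176.103 87.233.176.106; do
  $ip4 -A custom -o "$outside_int" -p tcp \
    -m multiport --dports "$DItcppoorten" -d "$di_addr" \
    -m conntrack --ctstate NEW -j ACCEPT
done

# Secure server port range, in.
# This source list is not the same set as the port 3300 list above; keep
# the two lists separate when editing.
secure_server_ports='11999:12003'
for di_addr in \
  87.233.176.101 87.233.176.102 87.233.176.114 \
  87.233.176.115 87.233.176.104 87.233.176.107; do
  $ip4 -A custom -i "$outside_int" -p tcp \
    -m multiport --dports "$secure_server_ports" -s "$di_addr" \
    -m conntrack --ctstate NEW -j ACCEPT
done

## outgoing SMS
$ip4 -A custom -o "$outside_int" -p tcp --dport 3030 -d "$dualinventivesms" \
  -m conntrack --ctstate NEW -j ACCEPT

# Do not leave the loop variable behind in the including script's scope.
unset di_addr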