forked from bitlair/ansible
Firewall comments
parent
b51372bfb2
commit
69547fc540
8 changed files with 10 additions and 19 deletions
|
@ -20,7 +20,7 @@ trusted_ranges:
|
|||
# - { v: ipv6, cidr: "2a02:166b:92::/48", comment: "bitlair" } # /48's kunnen niet in de ipset
|
||||
- { v: ipv6, cidr: "2001:678:814:68::/64", comment: "bitlair wifi" }
|
||||
- { v: ipv6, cidr: "2a05:2d01:0:4042::/64", comment: "bitlair servers" }
|
||||
- { v: ipv6, cidr: "2a05:2d01:1337::/48", comment: "eventinfra v6-range" }
|
||||
- { v: ipv6, cidr: "2a05:2d01:1337::/48", comment: "bitlair space v6-range" }
|
||||
- { v: ipv6, cidr: "2a0e:5700:4:2::/64", comment: "foobar ipv6" }
|
||||
trusted_ports:
|
||||
- ssh
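Review bot: The relabelled `2a05:2d01:1337::/48` entry is itself a /48, while the commented-out line at the top of this hunk says /48s cannot go in the ipset (`/48's kunnen niet in de ipset`). Either that remark is stale or this entry may not load as intended; compare against the set actually loaded on a host and correct whichever is wrong. A /48 is also much wider than the neighbouring /64 entries, and everything in it gets the ports listed under `trusted_ports` (`ssh` is visible here). Now that the range is labelled as the space network rather than event infrastructure, confirm the whole /48 still needs that trust. The list starts and ends outside this hunk.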
|
||||
|
|
|
@ -11,6 +11,5 @@ trusted_ports:
|
|||
- microsoft-ds
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow traffic from wiki"
|
||||
- "ip saddr 204.2.64.19 tcp dport { 4567 } accept"
|
||||
- "ip saddr 204.2.64.19 tcp dport { 4567 } accept # Allow traffic from wiki"
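Review bot: Folding the description into a trailing `#` inside the rule string means it is discarded when nft parses the rule, so it never appears in `nft list ruleset` on the host. nftables has a per-rule `comment` statement that is stored with the rule, e.g. `- 'ip saddr 204.2.64.19 tcp dport { 4567 } accept comment "Allow traffic from wiki"'`, which keeps the intent visible during an audit or incident. The trailing `#` also relies on how the template renders each list item, which is not visible from here: anything appended after the item on the same line would be swallowed by the comment. The same applies to the `group_nft_input` changes in the other six files of this commit.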
|
||||
|
||||
|
|
|
@ -7,8 +7,7 @@ git_server_title: Gitlair
|
|||
git_server_bootstrap_cert: no
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow ssh(git) + web-traffic from world"
|
||||
- "tcp dport { ssh, http, https } accept"
|
||||
- "tcp dport { ssh, http, https } accept # Allow ssh(git) + web-traffic from world"
|
||||
|
||||
nginx_client_max_body_size: 4G
|
||||
|
||||
|
|
|
@ -3,10 +3,8 @@ acme_san_domains:
|
|||
- [ homeassistant.bitlair.nl ]
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
- "# mqtt from world"
|
||||
- "tcp dport { 1883 } accept"
|
||||
- "tcp dport { http, https } accept # Allow web-traffic from world"
|
||||
- "tcp dport { 1883 } accept # mqtt from world"
|
||||
|
||||
nginx_sites:
|
||||
- server_name: "homeassistant.bitlair.nl"
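Review bot: `tcp dport { 1883 } accept # mqtt from world` keeps plain MQTT reachable from any source address. Port 1883 is conventionally the unencrypted listener, so broker credentials and payloads would cross the internet in cleartext unless TLS is handled somewhere not visible in this hunk. Since the rule is being touched anyway, consider narrowing it, e.g. `ip saddr <TRUSTED_V4_RANGE> tcp dport { 1883 } accept` (placeholder range), or exposing only a TLS listener (8883 by convention) to the world. The identical rule appears in the last file of this commit, the one with `server_name: "bitlair.nl"`.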
|
||||
|
|
|
@ -4,8 +4,7 @@ acme_san_domains:
|
|||
- ["{{ monitoring_domain }}"]
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
- "tcp dport { http, https } accept # Allow web-traffic from world"
|
||||
|
||||
prometheus_scrape_configs:
|
||||
- job_name: "node"
|
||||
|
|
|
@ -25,5 +25,4 @@ nginx_sites:
|
|||
- "}"
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
- "tcp dport { http, https } accept # Allow web-traffic from world"
|
||||
|
|
|
@ -3,5 +3,4 @@
|
|||
manage_sshd_config: false
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow SSH from world"
|
||||
- "tcp dport { ssh } accept"
|
||||
- "tcp dport { ssh } accept # Allow SSH from world"
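Review bot: `tcp dport { ssh } accept # Allow SSH from world` opens SSH to every source address on a host where `manage_sshd_config: false` is set just above, so any sshd hardening (key-only auth, root login policy) is not enforced from this file. Another file in this commit lists `ssh` under `trusted_ports`; if that mechanism already admits SSH from the trusted ranges on this host, consider whether the world-wide rule is still needed, or add a rate limit on new connections. The sshd configuration is not visible from this hunk, so this is a prompt to verify rather than a confirmed gap.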
|
||||
|
|
|
@ -5,10 +5,8 @@ acme_san_domains:
|
|||
- [ ravespace.nl ]
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
- "# mqtt from world"
|
||||
- "tcp dport { 1883 } accept"
|
||||
- "tcp dport { http, https } accept # Allow web-traffic from world"
|
||||
- "tcp dport { 1883 } accept # mqtt from world"
|
||||
|
||||
nginx_sites:
|
||||
- server_name: "bitlair.nl"
|
||||
|
|