From b51372bfb22da8de6ed052e099e760214d7e00d4 Mon Sep 17 00:00:00 2001
From: Mark Janssen
Date: Mon, 2 Dec 2024 21:53:39 +0100
Subject: [PATCH] Firewall rules
---
 group_vars/all.yaml | 1 +
 group_vars/shell.yaml | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 18707fc..dd6b832 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -20,6 +20,7 @@ trusted_ranges:
 # - { v: ipv6, cidr: "2a02:166b:92::/48", comment: "bitlair" } # /48's kunnen niet in de ipset
 - { v: ipv6, cidr: "2001:678:814:68::/64", comment: "bitlair wifi" }
 - { v: ipv6, cidr: "2a05:2d01:0:4042::/64", comment: "bitlair servers" }
+ - { v: ipv6, cidr: "2a05:2d01:1337::/48", comment: "eventinfra v6-range" }
 - { v: ipv6, cidr: "2a0e:5700:4:2::/64", comment: "foobar ipv6" }
 trusted_ports:
 - ssh
diff --git a/group_vars/shell.yaml b/group_vars/shell.yaml
index 238e2cc..4c28989 100644
--- a/group_vars/shell.yaml
+++ b/group_vars/shell.yaml
@@ -1,3 +1,7 @@
 ---
 manage_sshd_config: false
+
+group_nft_input:
+ - "# Allow SSH from world"
+ - "tcp dport { ssh } accept"
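Review bot: In group_vars/all.yaml the added `2a05:2d01:1337::/48` entry is a /48, while the commented-out bitlair line above it in the same hunk says /48s cannot go in the ipset ("/48's kunnen niet in de ipset"). If that limitation still holds, this entry may be rejected or silently not applied when the set is built; if it no longer holds, the old comment is stale and the bitlair /48 could be re-enabled or the remark removed. It is also the widest trusted prefix in the visible list, so every port in `trusted_ports` opens to the whole event network; a line comment such as `# full eventinfra /48 trusted on purpose: <reason>` would record that this is intended. The `trusted_ranges` list starts outside the hunk, so earlier entries were not reviewed.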
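Review bot: In group_vars/shell.yaml the new `tcp dport { ssh } accept` rule admits SSH from any source, and the same file keeps `manage_sshd_config: false`, so nothing visible here enforces sshd hardening on the hosts that become internet-reachable. Before merging, confirm out of band that password authentication and root login are disabled on the shell group. If `group_nft_input` passes rule strings through verbatim (it appears to), consider limiting new connections, e.g. `- "tcp dport { ssh } ct state new limit rate 10/minute accept"`, assuming the chain's later rules or policy drop what exceeds the limit. The comment string would also be more useful if it said why this group bypasses `trusted_ranges`, for example `- "# Public shell host: SSH open to world, key-only auth enforced on host"`.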