Make trusted_ports list

2024-07-25 10:53:44 +02:00 · 2024-07-25 10:53:44 +02:00 · 35a63d7aaa
commit 35a63d7aaa
parent 631e09ff74
4 changed files with 11 additions and 5 deletions
--- a/roles/nft/templates/nftables.conf.j2
+++ b/roles/nft/templates/nftables.conf.j2
@ -73,8 +73,8 @@ set trusted6 {
        } accept

        # Open ssh only for trusted machines
-        ip saddr @trusted4 tcp dport { ssh } accept
-        ip6 saddr @trusted6 tcp dport { ssh } accept
+        ip saddr @trusted4 tcp dport { {{ trusted_ports|join(', ') }} } accept
+        ip6 saddr @trusted6 tcp dport { {{ trusted_ports|join(', ') }} } accept

        # Rules based on group-vars
 {% for custom in nft_group_rules %}