bitlair/ansible
6
0
Fork 1
Code Issues Pull requests Releases Activity

Fix mqtt + fotos firewall rules

Browse source
This commit is contained in:
Mark Janssen 2024-07-25 10:42:25 +02:00
parent cce26a4395
commit 631e09ff74
Signed by: foobar
GPG key ID: D8674D8FC4F69BD2
3 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
group_vars/all.yaml
View file

@ -14,6 +14,7 @@ trusted_ranges:
- { v: ipv4, cidr: "100.64.0.0/10", comment: "bitlair" }
- { v: ipv4, cidr: "185.205.52.194/32", comment: "bitlair A2B" } # kan weg ??
- { v: ipv4, cidr: "31.187.251.213/32", comment: "foobar thuis" }
- { v: ipv4, cidr: "185.205.53.40/32", comment: "ak / koopen.net" }
# - { v: ipv6, cidr: "::/0", comment: "ipv6 localhost" }
# - { v: ipv6, cidr: "fe80::/10", comment: "ipv6 link-local" }
# - { v: ipv6, cidr: "2a02:166b:92::/48", comment: "bitlair" } # /48's kunnen niet in de ipset

5
group_vars/fotos.yaml
View file

@ -5,3 +5,8 @@ root_access:
- linor
- polyfloyd
- wilco
group_nft_input:
- "# Allow traffic from wiki"
- "ip saddr 204.2.64.19 tcp dport { 4567 } accept"

4
group_vars/mqtt.yaml
View file

@ -2,3 +2,7 @@
nft_group_rules:
- { version: "ip6", from: [ '2001:470:7f95::/48' ], port: "1883" }
group_nft_input:
- ip saddr @trusted4 tcp dport { 1883 } accept
- ip6 saddr @trusted6 tcp dport { 1883 } accept