more firewall configs

2024-07-24 22:00:44 +02:00 · 2024-07-24 22:00:44 +02:00 · aa242b0327
commit aa242b0327
parent ff6649ab71
6 changed files with 20 additions and 1 deletions
--- a/group_vars/bank.yaml
+++ b/group_vars/bank.yaml
@ -0,0 +1,3 @@
+---
+
+nft: true
--- a/group_vars/fotos.yaml
+++ b/group_vars/fotos.yaml
@ -1,6 +1,9 @@
+
 root_access:
  - ak
  - foobar
  - linor
  - polyfloyd
  - wilco
+
+nft: true
--- a/group_vars/git-ci.yaml
+++ b/group_vars/git-ci.yaml
@ -1 +1,5 @@
+---
+
 forgejo_url: https://git.bitlair.nl
+
+nft: false
--- a/group_vars/lights.yaml
+++ b/group_vars/lights.yaml
@ -0,0 +1,3 @@
+---
+
+nft: true
--- a/group_vars/mqtt.yaml
+++ b/group_vars/mqtt.yaml
@ -0,0 +1,6 @@
+---
+
+nft: true
+
+nft_group_rules:
+  - { version: "ip6", from: [ '2001:470:7f95::/48' ], port: "1883" }
--- a/roles/nft/templates/nftables.conf.j2
+++ b/roles/nft/templates/nftables.conf.j2
@ -81,7 +81,7 @@ set trusted6 {
 {%     if custom.comment is defined %}
        # {{ custom.comment|default('') }}
 {%     endif %}
-        ip saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }}
+        {{ custom.version|default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }}

 {% endfor %}