Skip to content
Snippets Groups Projects
Commit 5d011c95 authored by Rafael László's avatar Rafael László :speech_balloon:
Browse files

template nftables accepted ports

parent dce5a59b
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
defaults/main.yml
+ 5
0
View file @ 5d011c95
...@@ -10,6 +10,11 @@ lan_port: ens224 ...@@ -10,6 +10,11 @@ lan_port: ens224
# dnat: # dnat:
# - dport: 6443 # - dport: 6443
# to: 192.168.69.1:6443 # to: 192.168.69.1:6443
# accept:
# - saddr: 152.66.0.0/16
# dport: 10022
# - saddr: 10.0.0.0/8
# dport: 10022
# netplan: # netplan:
# network: # network:
......
templates/etc/nftables.conf.j2
+ 5
1
View file @ 5d011c95
...@@ -22,7 +22,11 @@ table inet filter { ...@@ -22,7 +22,11 @@ table inet filter {
ip protocol icmp accept ip protocol icmp accept
tcp dport {{ ssh_port | default("10022", true) }} accept comment "SSH in" {% if nftables.accept is defined %}
{% for accept in nftables.accept %}
ip saddr {{ accept.saddr }} tcp dport {{ accept.dport }} accept comment "{{ accept.comment }}"
{% endfor %}
{% endif %}
} }
chain forward { chain forward {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

Hosted with :heart: by KSZK