bundles/nftables: store rules in dedicated files instead of nftables.conf

2021-12-14 14:03:13 +01:00 · 2021-12-14 14:03:13 +01:00 · 0101e0c92d
commit 0101e0c92d
parent 1742f51778
11 changed files with 77 additions and 102 deletions
--- a/nodes/htz-cloud/influxdb.py
+++ b/nodes/htz-cloud/influxdb.py
@ -51,6 +51,11 @@ nodes['htz-cloud.influxdb'] = {
                },
            },
        },
+        #'openssh': {
+        #    'restrict-to': {
+        #        'versatel',
+        #    },
+        #},
        'vm': {
            'cpu': 1,
            'ram': 2,
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@ -181,12 +181,10 @@ nodes['htz-cloud.miniserver'] = {
        },
        'nftables': {
            'rules': {
-                'input': {
-                    'sophie-weechat': [
-                        'udp dport { 60000-61000 } accept',
-                        'tcp dport 9001 accept',
-                    ],
-                },
+                '50-sophie-weechat': [
+                    'inet filter input udp dport { 60000-61000 } accept',
+                    'inet filter input tcp dport 9001 accept',
+                ],
            },
        },
        'nginx': {