From 626075ee94e4e58937cf4243c21fde69775ca699 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 21 Mar 2021 11:12:42 +0100
Subject: [PATCH] nodes/htz.ex42-1048908: add some iptables rules for unmanaged services

---
 nodes/htz/ex42-1048908.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nodes/htz/ex42-1048908.py b/nodes/htz/ex42-1048908.py
index c7f0639..ce6b0f3 100644
--- a/nodes/htz/ex42-1048908.py
+++ b/nodes/htz/ex42-1048908.py
@@ -122,6 +122,14 @@ nodes['htz.ex42-1048908'] = {
 'oauth_secret_key': vault.decrypt('encrypt$gAAAAABfPnbfTISbldhS0WyxVKBHVVoOMcar7Kxmh1kkmiUGd-RzbbnNzzhEER_owjttPQcACPfGKZ6WklaSsXjLq8km4P6A9QmPbC06GmHbc91m0odCb1KiY7SZeUD35PiRiGSq50dz'),
 'security_secret_key': vault.decrypt('encrypt$gAAAAABfPnc-R7pkDj4pQgHDb6pzlNYNJgiWdeBFsX7IsHSnCtNPbZxCdtSL8cHtQzVO1KbSxS7zCwssmgiR8Kj54Z-koD-FQbjpbKWoIPw8SsyeqBVlZhIeEzhw_1t7_7ZTvv1O8AePdNYel9JJb_TaAZ8Vx46ZfsEPy8zaaHrqOekHC6RAnB4='),
 },
+ 'iptables': {
+ # TODO move to bundles
+ 'custom_rules': [
+ 'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh
+ 'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat
+ 'iptables_both -A INPUT -p tcp --dport 113 -j ACCEPT', # oidentd
+ ],
+ },
 'letsencrypt': {
 'concat_and_deploy': {
 'kunsi-weechat': {
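Review bot: All three ACCEPT rules in `custom_rules` match any source address, and the mosh rule opens 1001 UDP ports (`--dport 60000:61000`), which is a wide inbound surface for services the commit itself calls unmanaged. If mosh-server on this node is pinned to a smaller range (mosh's `-p PORT[:PORT2]`), the rule can be narrowed to match, for example `'iptables_both -A INPUT -p udp --dport 60000:60010 -j ACCEPT',  # mosh` (range shown is an illustration, not taken from the node). For 9001 and 113 I would extend the trailing comments to say why the port must be reachable from everywhere, e.g. `# weechat relay, TLS only` if that is the case, or add `-s` for known client networks. Because the rules use `-A INPUT`, they only take effect if the bundle emits them before its final drop/reject rule; that ordering is not visible in this hunk and deserves a line next to the `# TODO move to bundles` comment. The node dict starts and continues outside the hunk.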