iptables: add some missing rules
All checks were successful
bundlewrap/pipeline/head This commit looks good

This commit is contained in:
Franzi 2021-03-21 12:01:56 +01:00
parent 087bc4c669
commit 691c3e7bc2
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 20 additions and 0 deletions

View file

@ -48,6 +48,15 @@ nodes['home.nas'] = {
'groups': { 'groups': {
'nas': {}, 'nas': {},
}, },
'iptables': {
'custom_rules': [
# Dell ULNM
'iptables -A INPUT -p tcp --dport 4679 -j ACCEPT',
# mosquitto
'iptables_both -A INPUT -p tcp --dport 1883 -j ACCEPT',
'iptables_both -A INPUT -p tcp --dport 8083 -j ACCEPT',
],
},
'nfs-server': { 'nfs-server': {
'shares': { 'shares': {
'/storage/nas': { '/storage/nas': {

View file

@ -128,6 +128,17 @@ nodes['htz.ex42-1048908'] = {
'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh 'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh
'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat 'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat
'iptables_both -A INPUT -p tcp --dport 113 -j ACCEPT', # oidentd 'iptables_both -A INPUT -p tcp --dport 113 -j ACCEPT', # oidentd
# libvirt rules. These are also added by libvirt itself,
# but they would be overridden by our own iptables
# management.
'iptables -A INPUT -i virbr0 -p udp --dport 53 -j ACCEPT',
'iptables -A INPUT -i virbr0 -p tcp --dport 53 -j ACCEPT',
'iptables -A INPUT -i virbr0 -p udp --dport 67:68 -j ACCEPT',
'iptables -A INPUT -i virbr0 -p tcp --dport 67:68 -j ACCEPT',
'iptables -A FORWARD -i virbr0 -j ACCEPT',
'iptables -A FORWARD -o virbr0 -j ACCEPT',
'iptables -t nat -A POSTROUTING -o enp0s31f6 -j MASQUERADE',
], ],
}, },
'letsencrypt': { 'letsencrypt': {