rework firewall setup

2023-09-24 20:59:58 +02:00 · 2023-09-24 20:59:58 +02:00 · cd48cf495d
commit cd48cf495d
parent be62c1270f
30 changed files with 145 additions and 122 deletions
--- a/bundles/kea-dhcp-server/metadata.py
+++ b/bundles/kea-dhcp-server/metadata.py
@ -66,16 +66,16 @@ def get_static_allocations(metadata):


@metadata_reactor.provides(
-    'nftables/rules/10-kea-dhcp-server',
+    'nftables/input/10-kea-dhcp-server',
 )
 def nftables(metadata):
    rules = set()
    for iface in node.metadata.get('kea-dhcp-server/subnets', {}):
-        rules.add(f'inet filter input udp dport {{ 67, 68 }} iif {iface} accept')
+        rules.add(f'udp dport {{ 67, 68 }} iifname {iface} accept')

    return {
        'nftables': {
-            'rules': {
+            'input': {
                # can't use port_rules here, because we're generating interface based rules.
                '10-kea-dhcp-server': sorted(rules),
            },