modify nodes and bundles for new nftables syntax

2021-06-03 13:59:15 +02:00 · 2021-06-03 13:59:15 +02:00 · d569b00960
commit d569b00960
parent ecb67d012b
30 changed files with 172 additions and 126 deletions
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@ -83,13 +83,6 @@ nodes['htz-cloud.miniserver'] = {
        'icinga_options': {
            'vars.notification.sms': False,
        },
-        'iptables': {
-            'custom_rules': [
-                'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh
-                'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat
-
-            ],
-        },
        'letsencrypt': {
            'concat_and_deploy': {
                'sophie-weechat': {
@ -151,6 +144,16 @@ nodes['htz-cloud.miniserver'] = {
                'bot_token': '""',
            },
        },
+        'nftables': {
+            'rules': {
+                'input': {
+                    'sophie-weechat': [
+                        'udp dport { 60000-61000 } accept',
+                        'tcp dport 9001 accept',
+                    ],
+                },
+            },
+        },
        'nginx': {
            'vhosts': {
                #'dimension.sophies-kitchen.eu': {