Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add the main nft_block_rules addition to bastion template.

Browse source 
Signed-off-by: James Antill <james@and.org>
This commit is contained in:
James Antill 2025-04-29 15:05:29 -04:00
parent 35eadbbf4b
commit 2e3f4fa81c
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
roles/base/templates/nftables/nftables.bastion
View file

@ -94,6 +94,13 @@ add rule ip filter INPUT ip saddr 216.205.24.0/24 tcp dport 25 counter accept
add rule ip filter INPUT ip saddr 63.128.21.0/24 tcp dport 25 counter accept
add rule ip filter INPUT ip saddr 207.211.30.40/26 tcp dport 25 counter accept
{% if nft_block_rules is defined %}
# if there are block rules - put them in as-is
{% for rule in nft_block_rules %}
{{ rule }}
{% endfor %}
{% endif %}
# if the host/group defines incoming tcp_ports - allow them
{% if tcp_ports is defined %}
{% for port in tcp_ports %}