bastion: move these to block rules too

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Kevin Fenzi 2025-04-29 11:40:13 -07:00
parent ebffcee73c
commit 35eadbbf4b
2 changed files with 2 additions and 2 deletions


@ -7,7 +7,7 @@
# allow ntp from internal RH 10 nets
#
custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT']
nft_custom_rules:
nft_block_rules:
- 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited'
- 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept'
#
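Review bot: The NTP accept rule (`udp dport 123 counter accept`) is now carried under `nft_block_rules` together with the reject, so if the role inserts block rules at a different position in the INPUT chain than custom rules, the accept moves with them; that is worth confirming against the role, since a block list that accepts traffic reads oddly and may not be placed where an allow is expected. The same change appears in the second file section below. Separately, the surrounding `custom_rules` entry rejects `192.168.100/24` while the nft rule rejects `192.168.100.0/24` — the iptables form is a truncated dotted quad and may not denote the same network, so the two backends could diverge on which source net is rejected; a short comment above the list, e.g. `# keep the source nets here in sync with custom_rules above`, would at least make the expected equivalence explicit. Per-section gutter numbers are not shown, so the exact old/new assignment of the two key lines is inferred from the commit title.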


@ -18,7 +18,7 @@ batcave_ipa_client_shell_groups: []
# allow ntp from internal RH 10 nets
#
custom_rules: ['-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited', '-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 123 -j ACCEPT']
nft_custom_rules:
nft_block_rules:
- 'add rule ip filter INPUT ip saddr 192.168.100.0/24 counter reject with icmp type host-prohibited'
- 'add rule ip filter INPUT ip saddr 10.0.0.0/8 udp dport 123 counter accept'
#