Browse Source

update management fwrule set

master
Sean Johnson 11 months ago
parent
commit
23c0eccbf3
  1. 3
      fwrules/init.sls
  2. 5
      fwrules/templates/sets.nft.j2

3
fwrules/init.sls

@ -83,6 +83,9 @@ fwrules: @@ -83,6 +83,9 @@ fwrules:
- reload: true
- watch:
- file: /lib/systemd/system/fwrules.service
- file: /etc/firewall/_restart.nft
- file: /etc/firewall/sets.nft
- file: /etc/firewall/chains.nft
- file: /etc/firewall/firewall.nft
{{ "nft"|which }} -f /etc/firewall/firewall.nft:

5
fwrules/templates/sets.nft.j2

@ -22,8 +22,9 @@ define {{ name }} = {}; @@ -22,8 +22,9 @@ define {{ name }} = {};
public_addresses("app:saltbox", target_type="grain", addr_type="ipv6")
) -%}
{{ nft_define("management4", ["adephagia.synology.me", "107.155.67.64/29"] + priv4) }}
{{ nft_define("management6", ["adephagia.synology.me", "2604:880:396::/48"] + priv6) }}
{%- set home4, home6 = salt["minion_net.flatten_hostnames"]([{"adephagia.synology.me": {"widen_ipv6": 64}}]) -%}
{{ nft_define("management4", ["107.155.67.64/29"] + priv4 + home4) }}
{{ nft_define("management6", ["2604:880:396::/48"] + priv6 + home6) }}
{{ nft_define("scrapers4", public_addresses("app:metrics", target_type="grain", addr_type="ipv4")|list) }}
{{ nft_define("scrapers6", public_addresses("app:metrics", target_type="grain", addr_type="ipv6")|list) }}

Loading…
Cancel
Save