]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 00a01da)
Port custom firewall rule to nftables
authorTom Hughes <tom@compton.nu>
Tue, 7 Mar 2023 19:19:14 +0000 (19:19 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 7 Mar 2023 19:19:14 +0000 (19:19 +0000)
roles/nepomuk.rb patch | blob | history

diff --git a/roles/nepomuk.rb b/roles/nepomuk.rb
index 4abe868d14c594333ae363efc9b71e547a76a348..f57f73921ab17a97a47184afca84e779abaf9f45 100644 (file)
--- a/roles/nepomuk.rb
+++ b/roles/nepomuk.rb
@@ -4,17 +4,8 @@ description "Master role applied to nepomuk"
 default_attributes(
   :networking => {
     :firewall => {
-      :inet => [
-        {
-          :action => "ACCEPT",
-          :source => "net:77.95.64.120,77.95.64.131,77.95.64.139",
-          :dest => "fw",
-          :proto => "tcp",
-          :dest_ports => "5666",
-          :source_ports => "1024:",
-          :rate_limit => "-",
-          :connection_limit => "-"
-        }
+      :incoming => [
+        "tcp sport { 1024-65535 } tcp dport { 5666 } ip saddr { 77.95.64.120, 77.95.64.131, 77.95.64.139 } ct state new accept"
       ]
     },
     :interfaces => {
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.