Allow nebula through firewall

2023-11-03 18:06:36 +00:00
parent b1284877a3
commit 850278ab19
6 changed files with 9 additions and 2 deletions
--- a/ansible/roles/ingress/files/nftables.conf
+++ b/ansible/roles/ingress/files/nftables.conf
@ -12,6 +12,9 @@ table inet filter {
        iif lo accept

        tcp dport {http, https, {{ ssh_port }}, 8443, 8448} accept
+
+        # Allow nebula
+        udp dport {{ nebula_listen_port }} accept;
    }

    chain POSTROUTING {
--- a/ansible/roles/ingress/tasks/firewall.yml
+++ b/ansible/roles/ingress/tasks/firewall.yml
@ -9,7 +9,7 @@
    dest: /etc/nftables.conf
    validate: nft -c -f %s
  become: true
-  notify: reload firewall
+  notify: reload nftables

 - name: Enable nftables
  service: