various fixes & updates
@@ -0,0 +1,37 @@
|
||||
---
|
||||
# Interface used for optional logging rules in the firewall script.
|
||||
# If null, ansible_default_ipv4.interface is used.
|
||||
firewall_public_interface: null
|
||||
|
||||
# IPv4 source networks allowed to access admin-restricted services.
|
||||
firewall_admin_sources:
|
||||
- cidr: "51.158.69.165/32"
|
||||
comment: "monit.brainsys.io"
|
||||
- cidr: "82.66.138.56/32"
|
||||
comment: "wireguard.brainsys.io"
|
||||
|
||||
# IPv4 services restricted to firewall_admin_sources.
|
||||
firewall_admin_rules_ipv4:
|
||||
- proto: "udp"
|
||||
dport: 51820
|
||||
comment: "admin - IPv4 wireguard"
|
||||
- proto: "tcp"
|
||||
dport: 873
|
||||
comment: "admin - IPv4 rsync"
|
||||
- proto: "tcp"
|
||||
dport: 5666
|
||||
comment: "admin - IPv4 nrpe"
|
||||
- proto: "tcp"
|
||||
dport: 4949
|
||||
comment: "admin - IPv4 munin-node"
|
||||
|
||||
# Public IPv4 TCP ports open to everyone.
|
||||
firewall_public_tcp_ports_ipv4:
|
||||
- 22
|
||||
- 80
|
||||
- 443
|
||||
|
||||
# Public IPv6 TCP ports open to everyone.
|
||||
firewall_public_tcp_ports_ipv6:
|
||||
- 80
|
||||
- 443
|
||||
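Review bot: Port 22 sits in `firewall_public_tcp_ports_ipv4`, so SSH is reachable from any IPv4 address even though this file already defines `firewall_admin_sources` for management traffic. If SSH is only used by administrators, move it to the allowlisted set as `- proto: "tcp"`, `dport: 22`, `comment: "admin - IPv4 ssh"` and drop `- 22` from the public list; if it has to stay public, a comment such as `# 22 is public on purpose: key-only auth, rate-limited` would record the decision (adjust the wording to what is actually enforced). The two `/32` entries are site-specific addresses; if this file is the role's defaults (the path is not shown here), they are probably better placed in inventory, where a stale address is easier to notice and remove. There is no IPv6 counterpart to `firewall_admin_rules_ipv4`, so whether the admin ports are dropped on IPv6 depends on the script's default policy, which this file cannot confirm.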