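---
# Default variables for the firewall script.
#
# Layout note: every setting must sit on its own line. If the whole file is
# collapsed onto the `---` line, everything after the first `#` is parsed as
# one comment and none of the variables below are defined.

# Interface used for optional logging rules in the firewall script.
# If null, ansible_default_ipv4.interface is used.
firewall_public_interface: null

# IPv4 source networks allowed to access admin-restricted services.
# Each entry is a single host (/32). Keep entries this narrow: any address
# inside a listed network can reach every port in firewall_admin_rules_ipv4.
# NOTE(review): these are source-IP allowlists only. If one of these hosts
# changes address, the old address keeps admin access until it is removed.
firewall_admin_sources:
  - cidr: "51.158.69.165/32"
    comment: "monit.brainsys.io"
  - cidr: "82.66.138.56/32"
    comment: "wireguard.brainsys.io"

# IPv4 services restricted to firewall_admin_sources.
# NOTE(review): rsync, NRPE and munin-node are commonly run without
# transport encryption or strong authentication, so this source restriction
# is presumably their main access control. Confirm that the daemon-side
# allowlists (rsyncd `hosts allow`, NRPE `allowed_hosts`, munin-node
# `allow`/`cidr_allow`) match firewall_admin_sources.
# NOTE(review): there is no IPv6 counterpart to this list in this file.
# Confirm the script's IPv6 default policy drops these ports.
firewall_admin_rules_ipv4:
  - proto: "udp"
    dport: 51820
    comment: "admin - IPv4 wireguard"
  - proto: "tcp"
    dport: 873
    comment: "admin - IPv4 rsync"
  - proto: "tcp"
    dport: 5666
    comment: "admin - IPv4 nrpe"
  - proto: "tcp"
    dport: 4949
    comment: "admin - IPv4 munin-node"

# Public IPv4 TCP ports open to everyone.
# NOTE(review): SSH (22) is reachable from any IPv4 source, unlike the other
# administrative services above. If SSH access always originates from
# firewall_admin_sources, consider moving tcp/22 into
# firewall_admin_rules_ipv4. Otherwise make sure sshd enforces key-only
# authentication and that login attempts are rate-limited and monitored.
firewall_public_tcp_ports_ipv4:
  - 22
  - 80
  - 443

# Public IPv6 TCP ports open to everyone.
# SSH is not in this list, so only HTTP/HTTPS are opened over IPv6 here.
# NOTE(review): keep this list and the IPv4 one in step deliberately. A
# port added to one address family only is easy to overlook in an audit.
firewall_public_tcp_ports_ipv6:
  - 80
  - 443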