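---
# Interface used for optional logging rules in the firewall script.
# If null, ansible_default_ipv4.interface is used.
# NOTE(review): on a multi-homed host the default-route interface may not be
# the one that receives public traffic; set this explicitly there so the
# logging rules attach to the intended interface.
firewall_public_interface: null
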
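# IPv4 source networks allowed to access admin-restricted services.
# Each entry is a mapping with:
#   cidr:    source network in CIDR notation (quoted so it stays a string)
#   comment: free-text label naming the host behind the address
# NOTE(review): every network listed here is allowed to reach all ports in
# firewall_admin_rules_ipv4, so keep the entries as narrow as possible (/32
# where you can) and remove an entry when its host is retired or its address
# is reassigned. These are site-specific values; override them per inventory
# rather than relying on the defaults.
firewall_admin_sources:
  - cidr: "51.158.69.165/32"
    comment: "monit.brainsys.io"
  - cidr: "82.66.138.56/32"
    comment: "wireguard.brainsys.io"
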
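# IPv4 services restricted to firewall_admin_sources.
# Each rule is a mapping with:
#   proto:   transport protocol ("tcp" or "udp" in the entries below)
#   dport:   destination port
#   comment: free-text label for the rule
# NOTE(review): source-address filtering should not be the only control on
# these services. rsync (873), NRPE (5666) and munin-node (4949) each have
# their own access restrictions (for example rsyncd "hosts allow" / "auth
# users", NRPE "allowed_hosts", munin-node "allow"); keep those configured so
# a mistake in the admin source list does not expose the service directly.
firewall_admin_rules_ipv4:
  - proto: "udp"
    dport: 51820
    comment: "admin - IPv4 wireguard"
  - proto: "tcp"
    dport: 873
    comment: "admin - IPv4 rsync"
  - proto: "tcp"
    dport: 5666
    comment: "admin - IPv4 nrpe"
  - proto: "tcp"
    dport: 4949
    comment: "admin - IPv4 munin-node"
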
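# Public IPv4 TCP ports open to everyone.
# NOTE(review): port 22 (SSH) is reachable from any IPv4 source here, unlike
# the services listed in firewall_admin_rules_ipv4. If SSH is only needed from
# the admin hosts, list it there instead; if it must stay public, make sure
# sshd accepts key-based authentication only and that brute-force attempts
# are rate-limited or banned.
firewall_public_tcp_ports_ipv4:
  - 22
  - 80
  - 443
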
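# Public IPv6 TCP ports open to everyone.
# NOTE(review): only 80 and 443 are listed for IPv6, and no IPv6 counterpart
# of the admin source/rule lists is visible in this file. Presumably the
# firewall script drops all other inbound IPv6 traffic by default; confirm
# that, otherwise the admin services may be reachable over IPv6 unfiltered.
firewall_public_tcp_ports_ipv6:
  - 80
  - 443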