From 00806d4963e9da8e5a335cc035a5f3dd59634cc2 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sat, 30 May 2026 17:02:01 -0400
Subject: [PATCH] Fix firewall rules for certificate renewal.
---
 ansible/roles/firewall/files/homeserver_pf.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ansible/roles/firewall/files/homeserver_pf.conf b/ansible/roles/firewall/files/homeserver_pf.conf
index 84edc5f..3054fea 100644
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@@ -64,3 +64,5 @@ pass in on $ext_if proto udp to (wlan0) port $udp_pass_in
 pass in on restricted_nat proto {udp, tcp} from 10.215.2.2 to any port { 53 51820 } tag NATOUT
 # bastion -> cloak
 pass in on jail_nat proto {udp, tcp} from 10.215.1.217 to 10.215.2.2 port 8081 tag NATRESTRICTED
+# Allow outgoing connections from certificate
+pass in on jail_nat proto {udp, tcp} from 10.215.1.220 to any port { 53 80 443 } tag NATOUT
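Review bot: The added rule applies `proto {udp, tcp}` to all three ports and to any destination, so the host at 10.215.1.220 is also allowed UDP to ports 80 and 443 and DNS to arbitrary resolvers, which is wider than certificate renewal appears to need. Splitting it keeps UDP to DNS only: `pass in on jail_nat proto {udp, tcp} from 10.215.1.220 to any port 53 tag NATOUT` and `pass in on jail_nat proto tcp from 10.215.1.220 to any port { 80 443 } tag NATOUT`. If the renewal client only speaks HTTPS to the CA, port 80 could presumably be dropped too, and port 53 limited to the resolver the jail actually uses; neither can be confirmed from this hunk, and how the NATOUT tag is consumed lies outside it. The comment also stops short of naming the source; following the `# bastion -> cloak` style, something like `# certificate jail -> internet (DNS, HTTP, HTTPS for renewal)` would say which host and why.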