talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix firewall rules for certificate renewal.

Browse Source
This commit is contained in:
Tom Alexander
2026-05-30 17:02:01 -04:00
parent a8822d0bfb
commit 00806d4963
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/roles/firewall/files/homeserver_pf.conf
View File

@@ -64,3 +64,5 @@ pass in on $ext_if proto udp to (wlan0) port $udp_pass_in
pass in on restricted_nat proto {udp, tcp} from 10.215.2.2 to any port { 53 51820 } tag NATOUT pass in on restricted_nat proto {udp, tcp} from 10.215.2.2 to any port { 53 51820 } tag NATOUT
# bastion -> cloak # bastion -> cloak
pass in on jail_nat proto {udp, tcp} from 10.215.1.217 to 10.215.2.2 port 8081 tag NATRESTRICTED pass in on jail_nat proto {udp, tcp} from 10.215.1.217 to 10.215.2.2 port 8081 tag NATRESTRICTED
# Allow outgoing connections from certificate
pass in on jail_nat proto {udp, tcp} from 10.215.1.220 to any port { 53 80 443 } tag NATOUT