talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add sftp jail.

Browse Source
This commit is contained in:
Tom Alexander
2024-06-30 23:02:23 -04:00
parent 0363a462a0
commit 566b7dfd0b
27 changed files with 220 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/roles/firewall/files/homeserver_pf.conf
View File

@@ -33,6 +33,10 @@ nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8081 ->
rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
# -> sftp
rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 8022 -> 10.215.1.216 port 22
nat pass on jail_nat proto {tcp, udp} from any to 10.215.1.216 port 22 -> 10.215.1.1
# Forward ports for unifi controller
# rdr pass on $ext_if inet proto tcp from any to any port 65022 -> 10.213.177.8 port 22
rdr pass on $ext_if inet proto {udp, tcp} from any to any port $unifi_ports -> 10.215.1.202