Add the admin_git jail.

This jail hosts the git repo used for the kubernetes cluster manifests. It lives in a jail instead of inside a git website hosted inside kubernetes because it is needed for the bootstrapping process, creating a chicken-and-egg type of scenario. I figure I can set up mirroring of the git repo to a hosted git website for publishing.
2023-06-17 17:35:09 -04:00
parent 0f1769dd1f
commit 62ade773d8
5 changed files with 37 additions and 0 deletions
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@@ -25,6 +25,12 @@ rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 6443 -> 10.215
 nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
 nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)

+rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 65099 -> 10.215.1.210 port 22
+rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 65099 -> 10.215.1.210 port 22
+nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
+nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.210 port 65099 -> (jail_nat)
+
+

 # filtering
 block log all