talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Also handle internal connections to port 6443.

Browse Source
This commit is contained in:
Tom Alexander 2023-06-05 16:39:12 -04:00
parent 5f590a8271
commit bb41cb6a96
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/roles/firewall/files/mrmanager_pf.conf
View File

@ -20,7 +20,9 @@ nat pass on $not_ext_if inet from $jail_nat_v4 to 10.215.1.1 port 53 -> ($ext_if
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53
rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 6443 -> 10.215.1.204 port 6443 rdr pass on $ext_if inet proto tcp from $not_jail_nat_v4 to any port 6443 -> 10.215.1.204 port 6443
nat pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.204 port 6443 -> (jail_nat) rdr pass on jail_nat inet proto tcp from $jail_nat_v4 to any port 6443 -> 10.215.1.204 port 6443
nat pass on $not_ext_if proto {tcp, udp} from $not_jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
nat pass on $not_ext_if proto {tcp, udp} from $jail_nat_v4 to 10.215.1.204 port 6443 -> (jail_nat)
# filtering # filtering