feat: add ufw portless proto support
All checks were successful
ci/woodpecker/push/linting Pipeline was successful
parent
ccdeaba447
commit
b1a5b11af6
2 changed files with 8 additions and 1 deletions
|
|
@ -30,6 +30,12 @@ firewall_basic_rules:
|
||||||
to_port: "22"
|
to_port: "22"
|
||||||
from_ip: "192.168.10.55"
|
from_ip: "192.168.10.55"
|
||||||
firewall_host_rules: []
|
firewall_host_rules: []
|
||||||
|
firewall_portless_protocols:
|
||||||
|
- "ah"
|
||||||
|
- "esp"
|
||||||
|
- "gre"
|
||||||
|
- "igmp"
|
||||||
|
- "vrrp"
|
||||||
|
|
||||||
# ntp
|
# ntp
|
||||||
ntp_server: "time.cloudflare.com"
|
ntp_server: "time.cloudflare.com"
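Review bot: The list added here is named `firewall_portless_protocols`, but the task changed in the second file tests membership in `common_firewall_portless_protocols`. Unless that prefixed name is defined somewhere not shown on this page, the `to_port` expression will fail on an undefined variable, and in either case this list is not the one the task reads. The two names should be aligned with whichever prefix the role uses for its other variables. A comment above the list would also help, for example `# protocols that carry no port; to_port is omitted for rules using them`.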
|
||||||
|
|
|
||||||
|
|
@ -60,7 +60,8 @@
|
||||||
direction: "in"
|
direction: "in"
|
||||||
proto: "{{ item.proto | default('tcp') }}"
|
proto: "{{ item.proto | default('tcp') }}"
|
||||||
from_ip: "{{ item.from_ip }}"
|
from_ip: "{{ item.from_ip }}"
|
||||||
to_port: "{{ item.to_port }}"
|
to_port:
|
||||||
|
"{{ omit if (item.proto | default('tcp')) in common_firewall_portless_protocols else item.to_port }}"
|
||||||
loop: "{{ __firewall_all_rules }}"
|
loop: "{{ __firewall_all_rules }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: " {{ item.name }}"
|
label: " {{ item.name }}"
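Review bot: The new `to_port` expression silently discards `item.to_port` when the protocol is in the portless list. A rule that sets both a portless `proto` and a `to_port` is therefore applied to all traffic of that protocol from `from_ip`, with nothing in the play output to show that the port was ignored. An `ansible.builtin.assert` ahead of the loop could reject such rules, and a comment above the key would record the intent, for example `# portless protocols take no port, so to_port is omitted for them`. The membership test is also an exact string match, so a value such as `ESP` would fall through to the port branch; `item.proto | default('tcp') | lower` would avoid that. The task starts above this hunk, so the module it calls is not visible here.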
|
||||||
|
|
|
||||||